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Ete 
Introduction 


Number Theory and Mathematical Thinking 


One of the great steps in the development of a mathematician is becoming 
an independent thinker. Every mathematician can look back and see a time 
when mathematics was mostly a matter of learning techniques or formulas. 
Later, the challenge was to learn some proofs. But at some point, the suc- 
cessful mathematics student becomes a more independent mathematician. 
Formulating ideas into definitions, examples, theorems, and conjectures be- 
comes part of daily life. 

This textbook has two equally significant goals. One goal is to help you 
develop independent mathematical thinking skills. The second is to help 
you understand some of the fundamental ideas of number theory. 

You will develop skills of formulating and proving theorems. Mathemat- 
ics is a participatory sport. Just as a person learning to play tennis would 
expect to play tennis, people seeking to learn to think like a mathematician 
should expect to do those things that mathematicians do. Also, in analogy 
to learning a sport, making mistakes and then making adjustments are clear 
parts of the experience. 

Number theory is an excellent subject for learning the ways of mathe- 
matical thought. Every college student is familiar with basic properties of 
numbers, and yet the study of those familiar numbers leads us into waters 
of extreme depth. Many simple observations about small, whole numbers 
can be collected, formulated, and proved. Other simple observations about 
small, whole numbers can be formulated into conjectures of amazing rich- 
ness. Many simple-sounding questions remain unanswered after literally 
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thousands of years of thought. Other questions have recently been settled 
after being unsolved for hundreds of years. 

Throughout this book, we will continue to emphasize the dual goals of 
developing mathematical thinking skills and developing an understanding 
of number theory. The two goals are inextricably entwined throughout and 
seeking to disentangle the two would be to miss the essential strategy of 
this two-pronged approach. 

The mathematical thinking skills developed here include being able to 

e look at examples and formulate definitions and questions or conjec- 

tures; 


e prove theorems using various strategies; 


e determine the correctness of a mathematical argument independently 
without having to ask an authority. 
Clearly these thinking skills are applicable across all mathematical topics 
and outside mathematics as well. 


Note on the approach and organization 


Each chapter contains definitions, examples, exercises, questions, and state- 
ments of theorems. Definitions are generally preceded by examples and dis- 
cussion that make that definition a natural consequence of the experience 
of the examples and the line of thinking presented. We want you to see the 
development of mathematics as a natural exploration of a realm of thought. 
Never should mathematics seem to be a mysterious collection of definitions, 
theorems, and proofs that arise from the void and must be memorized for 
a test. 

Theorem statements arise as crystallized observations. Proofs are clear 
reasons that the statements are true. 

Each chapter concludes with some selective historical remarks on the 
chapter’s content. This is meant to place the ideas on an historical timeline. 
It is fascinating to see threads begin in antiquity and continue into the 21st 
century with no clear end in sight. 

Chapters one through four present concepts that are used in all the future 
chapters. Chapter five on cryptography does not contain material that is 
required for the future chapters. Chapters six, seven, and eight are sequen- 
tially dependent. Chapters nine and ten are independent and can be read 
any time after chapter four. In a semester course, the authors generally treat 
chapters one through five, using the further chapters for future work and 
independent study projects. 
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Number theory contains within it some of the most fascinating insights 
in mathematics. We hope you will enjoy your exploration of this intriguing 
domain. 


Methods of thought 


Methods of thought, proof, and analysis are not facts to be learned once 
and set aside. They become useful tools as they appear recurrently in dif- 
ferent contexts and as you begin to incorporate them into your habits of 
approaching the unknown. 

While looking at numbers and finding patterns among them, it will be 
natural to develop an understanding of various ways to give convincing ar- 
guments. These different styles of proofs will become familiar and logically 
sound. We do not present these methods of proof in the abstract, but instead 
you will develop them as naturally occurring methods of stating logically 
correct reasons for the truth of statements. 

Some methods of thought, proof, and analysis are: 

e Finding patterns and formulating conjectures. 


e Making precise definitions. 
e Making precise statements. 


e Using basic logic. 


Forming negations, contrapositives, and converses of statements. 


Understanding examples. 


e Relating examples to the general case. 


Generalizing from examples. 
e Measuring complexity. 


e Looking for elementary building blocks. 


Following consequences of assumptions. 
e Methods of proof: 


— induction, 

— contradiction, 

— reducing complexity, 

— taking reasoning that works in a special case and making it gen- 

eral. 
By the end of the course these abilities and techniques will be natural 
strategies for you to use in your mathematical investigations and beyond. 
We hope you enjoy your inquiry into number theory. 
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Divisibility in the Natural Numbers 


How can one natural number be expressed as the product of smaller nat- 
ural numbers? This innocent sounding question leads to a vast field of 
interconnections among the natural numbers that mathematicians have been 
exploring for literally thousands of years. The adventure begins by recalling 
the arithmetic from our youth and looking at it afresh. 

In this chapter we start our investigation of the natural numbers by defin- 
ing divisibility and then presenting the ideas of the Division Algorithm, 
greatest common divisors, and the Euclidean Algorithm. These ideas in 
turn allow us to find integer solutions to linear equations. 

The natural numbers are naturally ordered in one long ascending list; 
however, many experiences in everyday life are cyclical—hours in the day, 
days in a week, motions of the planets. This concept of cyclicity gives rise 
to the idea of modular arithmetic, which formalizes the intuitive idea of 
numbers on a cycle. In this chapter, we will introduce the basic idea of 
modular arithmetic but will develop the ideas further in future chapters. 

As you explore questions of divisibility of integers and questions about 
modular arithmetic, you will develop skills in proving theorems, including 
proving theorems by induction. 


Definitions and examples 


Many people view the natural numbers as the most basic of all mathe- 
matical ideas. A 19th century mathematician, Leopold Kronecker, famously 
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said roughly, “God gave us the natural numbers—all else is made by hu- 
mankind.” The natural numbers are the counting numbers to which we were 
introduced in our childhoods. 


Definition. The natural numbers are the numbers {1, 2, 3, 4, ...}. 


The ideas of 0 and negative numbers are abstractions of the natural 
numbers. Those ideas extend the natural numbers to the integers. 


Definition. The integers are {..., —3, —2, —1, 0, 1, 2, 3, ...}. 


The basic relationships between integers that we will explore in this 
chapter are based on the divisibility of one integer by another. 


Definition. Suppose a and d are integers. Then d divides a, denoted d|a, 
if and only if there is an integer k such that a = kd. 


Notice that this definition gives us a practical conclusion from the asser- 
tion that the integer d divides the integer a, namely, the existence of a third 
integer k with its multiplicative property, namely, that a = kd. Mathemati- 
cal definitions encapsulate intuitive ideas, but then pin them down. Having 
this formal definition of divisibility will allow you to say clearly why some 
theorems about divisibility are true. Remembering the formal definition of 
divisibility will be useful throughout the course. 

We next turn to a more complicated definition that we will see captures 
the idea of numbers arranged in a cyclical pattern. For example, if you wrote 
the natural numbers around a clock, you would put 13 in the same place 
as 1 and 14 in the same place as 2, etc. That idea is what is formalized in 
the following definition of congruence. 


Definition. Suppose that a, b, and n are integers, with n > 0. We say that 
a and b are congruent modulo n if and only if n|(a — b). We denote this 
relationship as 

a=b (mod n) 
and read these symbols as “a is congruent to b modulo n.” 


We will soon begin with the first set of questions. They come in several 
different flavors which we roughly categorize as “Theorem” (or “Lemma” or 
“Corollary”), “Question”, or “Exercise.” A Theorem denotes a mathematical 
statement to be proved by you. For example: 


Example Theorem. Let n be an integer. If 6|n, then 3\n. 
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Then you would supply the proof. For example, your proof might look 
like this: 


Example Proof. Our hypothesis that 6|1 means, by definition, that there 
exists an integer k such that n = 6k. The conclusion we want to make is 
that 3 also divides n. By definition, that means we want to show that there 
exists an integer k’ such that n = 3k’. Since n = 6k = 3(2k), we can take 
k’ = 2k, satisfying the definition for n to be divisible by 3. oO 


Here’s an example that uses a congruence. 


Example Theorem. Let k be an integer. If k = 7 (mod 2), then k = 3 
(mod 2). 


Example Proof. Our hypothesis that k = 7 (mod 2) means, by definition, 
that 2|(k — 7), which, also by definition, means there exists an integer j 
such that k — 7 = 27. Adding 4 to both sides of the last equation yields 
k-3=2j +4 = 2( + 2). Since j + 2 is also an integer, this means 
2|(k — 3), or k = 3 (mod 2), and so the theorem is proved. O 


In giving proofs, rely on the definitions of terms and symbols, and feel 
free to use results that you have previously proved. Avoid using statements 
that you “know”, but which we have not yet proved. 

A “Question” is often open-ended, leaving the reader to speculate on 
some idea. These should be given considerable thought. An “Exercise” is 
often computational in nature, illustrating the results of previous (or up- 
coming) theorems. These help you to make sure your grasp of the material 
is firm and grounded in the reality of actual numbers. 


Divisibility and congruence 


The next theorems explore the relationship between divisibility and the 
arithmetic operations of addition, subtraction, multiplication, and division. 
Frequently a good strategy for generating valuable questions in mathematics 
is to take one concept and see how it relates to other concepts. 


1.1 Theorem. Let a, b, and c be integers. If a\b and a\c, then a|(b +c). 
1.2 Theorem. Let a, b, and c be integers. If a\b and a|c, then a|(b —c). 


1.3 Theorem. Let a, b, and c be integers. If a\b and a\c, then a|bc. 
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Any theorem has a hypothesis and a conclusion. That structure of theo- 
rems automatically suggests questions, namely, can the theorem be strength- 
ened? If we are able to deduce the same result with fewer or weaker hy- 
potheses, then we will have constructed a stronger theorem. Similarly, if we 
are able to deduce a stronger conclusion from the same hypotheses, then we 
will have constructed a stronger theorem. So attempting to weaken the hy- 
pothesis and still get the same conclusion, or keep the same hypotheses but 
deduce a stronger conclusion, are two fruitful investigations to follow when 
we seek new truths. So let’s try this strategy with the previous theorem. 

When you are considering whether a particular hypothesis implies a par- 
ticular conclusion, you are considering a conjecture. Three outcomes are 
possible. You might be able to prove it, in which case the conjecture is 
changed into a theorem. You might be able to find a specific example 
(called a counterexample) where the hypotheses are true, but the conclu- 
sion is false. That counterexample would then show that the conjecture is 
false. Frequently, you cannot settle the conjecture either way. In that case, 
you might try changing the conjecture by strengthening the hypothesis, 
weakening the conclusion, or otherwise considering a related conjecture. 


1.4 Question. Can you weaken the hypothesis of the previous theorem and 
still prove the conclusion? Can you keep the same hypothesis, but replace 
the conclusion by the stronger conclusion that a*|be and still prove the 
theorem? 


If you consider a conjecture and discover it is false, that is not the end of 
the road. Instead, you then have the challenge of trying to find somewhat 
different hypotheses and conclusions that might be true. All these strategies 
of exploration lead to new mathematics. 


1.5 Question. Can you formulate your own conjecture along the lines of 
the above theorems and then prove it to make it your theorem? 


Here is one possible such theorem. Maybe it is the one you thought of 
or maybe you made a different conjecture. 


1.6 Theorem. Let a, b, and c be integers. If a\b, then a\bc. 


Let’s now turn to modular arithmetic. To begin let’s look at a few specific 
examples with numbers to gain some experience with congruences modulo 
a number. Doing specific examples with actual numbers is often a good 
strategy for developing some intuition about a subject. 
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1.7 Exercise. Answer each of the following questions, and prove that your 
answer is correct. 


1. Is 45 = 9 (mod 4)? 
2. Is 37 =2 (mod 5)? 
3. Is 37 =3 (mod 5)? 
4. Is 37 = —3 (mod 5)? 


You might construct some exercises like the preceding one for yourself 
until you are completely clear about how to determine whether or not a 
congruence is correct. 

When we gain some experience with a concept, we soon begin to see 
patterns. The next exercise asks you to find a pattern that helps to clarify 
what groups of integers are equivalent to one another under the concept of 
congruence modulo n. 


1.8 Exercise. For each of the following congruences, characterize all the 
integers m that satisfy that congruence. 


1. m =0 (mod 3). 


2. m =1 (mod 3). 
3. m =2 (mod 3). 
4. m =3 (mod 3). 
5. m = 4 (mod 3). 


To understand the definition of congruence, one strategy is to consider 
the extent to which congruence behaves in the same way that equality does. 
For example, we know that any number is equal to itself. So we can ask, “Is 
every number congruent to itself?” The reason that this is even a question 
is that congruence has a specific definition, so we need to know whether 
that specific definition allows us to deduce that any number is congruent 
to itself. 


1.9 Theorem. Let a and n be integers with n > 0. Then a =a (mod n). 


We will explore several cases where properties of ordinary equality sug- 
gest questions about whether congruence works the same way. For example, 
in equality, the order of the left-hand side versus the right-hand side of an 
equals sign does not matter. Is the same true for congruence? 
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1.10 Theorem. Let a, b, and n be integers withn > 0. Ifa = b (mod n), 
then b =a (mod n). 


Again, if a is equal to b and b is equal to c, we know that a is equal 
to c. But does the definition of congruence allow us to conclude the same 
about a string of congruences? It does. 


1.11 Theorem. Let a, b, c, and n be integers withn > 0. Ifa = b (mod n) 
and b = cc (mod n), then a =c (mod n). 


Note: If you are familiar with equivalence relations, you may note that 
the previous three theorems establish that congruence modulo n defines 
an equivalence relation on the set of integers. In the exercise before those 
theorems, you described the equivalence classes modulo 3. 

The following theorems explore the extent to which congruences behave 
the same as ordinary equality with respect to the arithmetic operations. 
We systematically go through the operations of addition, subtraction, and 
multiplication. Division, as we will see, requires more thought. 


1.12 Theorem. Let a, b, c, d, and n be integers withn > 0. Ifa = b 
(mod n) andc =d (mod n), thena+c=b+d (mod n). 


1.13 Theorem. Let a, b, c, d, and n be integers with n > 0. Ifa = b 
(mod n) and c =d (mod n), then a—c =b-—d (mod n). 


1.14 Theorem. Let a, b, c, d, and n be integers withn > 0. Ifa = b 
(mod n) and c =d (mod n), then ac = bd (mod n). 


Congruences also work well when taking exponents, as we will see in 
Theorem 1.18. One way to approach its proof is to start with simple cases 
and see how the general case follows from them. The following exercises, 
which are actually little theorems, present a strategy of reasoning known as 
proof by mathematical induction. In the appendix we explore this technique 
in more detail. 


1.15 Exercise. Let a, b, and n be integers with n > 0. Show that ifa = b 
(mod n), then a? = b? (mod n). 


1.16 Exercise. Let a, b, and n be integers with n > 0. Show that if a = b 
(mod n), then a? = b? (mod n). 


1.17 Exercise. Let a, b, k, and n be integers withn > 0 and k > 1. Show 
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that if a = b (mod n) and ak~! = bk-! (mod n), then 
ak =b* (mod n). 


1.18 Theorem. Let a, b, k, and n be integers with n > 0 and k > 0. If 
a =b (mod n), then 
ak =b* (mod n). 


At this point you have proved several theorems that establish that con- 
gruences behave similarly to ordinary equality with respect to addition, 
subtraction, multiplication, and taking exponents. To make all these the- 
orems more meaningful, it is helpful to see what they mean with actual 
numbers. Doing examples is a good way to develop intuition. 


1.19 Exercise. [/lustrate each of Theorems 1.12-1.18 with an example 
using actual numbers. 


You will have noticed that at this point, we have not yet considered 
the arithmetic operation of division. We ask you to consider the natural 
conjecture here. 


1.20 Question. Let a, b, c, and n be integers for which ac = bc (mod n). 


2” 


Can we conclude that a = b (mod n)? If you answer “yes”, try to give a 


proof. If you answer “no”, try to give a counterexample. 

We will continue the discussion of division at a later point. In the mean- 
time, we find that the concept of congruence and the theorems about ad- 
dition, subtraction, multiplication, and taking exponents allow us to prove 
some interesting facts about ordinary numbers. You may already have been 
told how to tell when a number is divisible by 3 or by 9. Namely, you 
simply add up the digits of the number and ask whether the sum of the 
digits is divisible by 3 or 9. For example, 1131 is divisible by 3 because 
3 divides 1 + 1 + 3+ 1. In the next theorems you will prove that these 
techniques of checking divisibility work. 


1.21 Theorem. Let a natural number n be expressed in base 10 as 
N= Apadp-1...a dQ. 


(Note that what we mean by this notation is that each a; is a digit of a 
regular base 10 number, not that the a; ’s are being multiplied together.) If 
m = dg + ag-1 +--+ +41 +40, thenn =m (mod 3). 
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Theorem. 4 natural number that is expressed in base 10 is divisible by 3 
if and only if the sum of its digits is divisible by 3. 


Note: An “if and only if” theorem statement is really two separate theo- 
rems that need two separate proofs. A good practice is to write down each 
statement separately so that the hypothesis and the conclusion are clear in 
each case. We have done that for you in the following case to illustrate the 
practice. 


1.22 Theorem. /fa natural number is divisible by 3, then, when expressed 
in base 10, the sum of its digits is divisible by 3. 


1.23 Theorem. /f the sum of the digits of a natural number expressed in 
base 10 is divisible by 3, then the number is divisible by 3 as well. 


When we have proved a theorem, it is a good idea to ask whether there are 
other, related theorems that might be provable with the same technique. We 
encourage you to find several such divisibility criteria in the next exercise. 


1.24 Exercise. Devise and prove other divisibility criteria similar to the 
preceding one. 


The Division Algorithm 


We next turn our attention to a theorem called the Division Algorithm. 
Before we state it, we point out a fact about the natural numbers that 
is obviously true. In fact, it’s so obvious that it is an axiom, meaning a 
statement that we accept as true without proof. The reason that we can’t 
really give a proof of it is that we have not really defined the natural 
numbers, but are just using them as familiar objects that we have known all 
our lives. If we were taking a very abstract and formal approach to number 
theory where we defined the natural numbers in terms of set theory, for 
example, the following statement might be one of the axioms we would 
use to define the natural numbers. Instead, we will just assume that the 
following Well-Ordering Axiom for the Natural Numbers is true. 


Axiom (The Well-Ordering Axiom for the Natural Numbers). Let S be any 
non-empty set of natural numbers. Then S has a smallest element. 


Since we are accepting this fact as true, you should feel free to use it 
whenever you wish. The value of this axiom is that it sometimes allows us 
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to pin down the reason why some assertion is true in a proof. Here is an 
example of how you might use the Well-Ordering Axiom for the Natural 
Numbers. 


Example Theorem. For every natural number n there is a natural number 
k such that 7k differs from n by less than 7. 


Example Proof. We could let S be the set of all numbers 77, where i is 
a natural number, such that 77 is greater than or equal to n. By the Well- 
Ordering Axiom for the Natural Numbers, S has a smallest element, call it 
7j. Then 7; differs from n by less than 7, otherwise 7(j — 1) would be a 
smaller element of S. O 


This example gives the flavor of how the Well-Ordering Axiom for the 
Natural Numbers is used; namely, we define an appropriate non-empty set 
of natural numbers and then look at that set’s smallest element to deduce 
something we want. You might consider using the Well-Ordering Axiom 
for the Natural Numbers in proving the Division Algorithm below. 

The Division Algorithm is a useful observation about natural numbers. 
Surprisingly often it captures exactly what we need to know to prove theo- 
rems about integers. After reading it carefully, you will see that it captures 
a basic property about ordinary division. 


Theorem (The Division Algorithm). Let n and m be natural numbers. Then 
(existence part) there exist integers q (for quotient) and r (for remainder) 
such that 

m=ngqt+r 


and 0 <r <n—1. Moreover (uniqueness part), if q, q' and r, r’ are any 
integers that satisfy 


m=nqt+r 
=ng' +r’ 
withO <r,r’ <n—1, theng=q' andr =r’. 


As usual, it is useful to look at some examples with actual numbers to 
understand the statement. 


1.25 Exercise. [//ustrate the Division Algorithm for: 


lm=25,n =7. 
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2,.m=277,n=4. 
3. m = 33,n = 11. 
4. m = 33,n = 45. 


1.26 Theorem. Prove the existence part of the Division Algorithm. 
(Hint: Given n and m, how will you define q? Once you choose this q, 
then how is r chosen? Then show that 0 <r <n-—1.) 


1.27 Theorem. Prove the uniqueness part of the Division Algorithm. 
(Hint: Ifng +r =nq' +r’, thenng—nq' =r'—r. Use what you know 
about r and r' as part of your argument that q = q'.) 


The following theorem connects the ideas of congruence modulo n with 
remainders such as occur in the Division Algorithm. It says that if the 
remainders are the same when divided by the modulus, then the numbers 
are congruent. 


1.28 Theorem. Let a, b, and n be integers withn > 0. Then a = b 
(mod n) if and only if a and b have the same remainder when divided 
by n. Equivalently, a = b (mod n) if and only if when a = nq, +1 
(0 <r, <n—1) and b =nq24+1r2 O< 12 <n—V), thenr, = 1. 


Greatest common divisors and linear Diophantine equations 


The divisors of an integer tell us something about its structure. One of the 
strategies of mathematics is to investigate commonalities. In the case of 
divisors, we now move from looking at the divisors of a single number to 
looking at common divisors of a pair of numbers. This strategy helps to 
illuminate relationships and common features of numbers. 


Definition. A common divisor of integers a and b is an integer d such that 
dla and d|b. 


Once we have isolated a definition such as common divisor, we proceed 
to explore its implications. The first question involves how many common 
divisors there are to a pair of integers. 


1.29 Question. Do every two integers have at least one common divisor? 


1.30 Question. Can two integers have infinitely many common divisors? 
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The greatest common divisor is a concept that plays a central role in the 
study of many of our future topics. 


Definition. The greatest common divisor of two integers a and b, not both 
0, is the largest integer d such that d|a and d|b. The greatest common 
divisor of two integers a and b is denoted gcd(a,b) or more briefly as 
just (a, b). 


One indication of the centrality of the concept of greatest common divisor 
is that it has two different notations including the extremely simple notation 
(a,b). You might think that this notation would be confusing because it is 
the same notation as for an interval on the real line; however, in the context 
of number theory, (a,b) always stands for the greatest common divisor. 

Having more divisors in common shows some commonality between 
numbers, but having almost no common divisors indicates that the num- 
bers do not share many factors. A pair of numbers that have no non-trivial 
common divisors have a special role to play and consequently are given a 
name, relatively prime. 


Definition. If gcd(a, b) = 1, then a and b are said to be relatively prime. 


As usual, a good way to develop intuition about a concept is to investigate 
some specific examples. 


1.31 Exercise. Find the following greatest common divisors. Which pairs 
are relatively prime? 


1. (36, 22) 
2 445,215) 
3. (—296, —88) 
4. (0,256) 

5. (15,28) 

6. (1, 2436) 


The next theorems explore conditions under which various pairs of num- 
bers have the same greatest common divisors. Notice in the next theorems 
that, although they look similar to the equation that we saw in the Division 
Algorithm, we use integers rather than natural numbers. Also, there is no 
hypothesis about the size of r in these theorems. 
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1.32 Theorem. Let a, n, b, r, and k be integers. Ifa =nb +r and k\a 
and k|b, then k|r. 


1.33 Theorem. Let a, b, 1, and r, be integers with a and b not both 0. 
Ifa =nyb +n, then (a,b) = (b, 11). 


1.34 Exercise. As an illustration of the above theorem, note that 


51= 3-154 6, 
15=2-6+4+3, 
6=2-3+0. 


Use the preceding theorem to show that if a = 51 and b = 15, then 
(51, 15) = (6,3) = 3. 


1.35 Exercise (Euclidean Algorithm). Using the previous theorem and the 
Division Algorithm successively, devise a procedure for finding the greatest 
common divisor of two integers. 


The method you probably devised for finding the greatest common divisor 
of two integers is actually very famous. It dates back to the third century 
B.C. and is called the Euclidean Algorithm. 


1.36 Exercise. Use the Euclidean Algorithm to find 
I. (96, 112), 
2. (162,31), 
3. (0, 256), 
4. (—288, —166), 
5. (1, -2436). 


The next exercise illustrates that the techniques that you are developing to 
find common divisors can also be used to find integer solutions to equations. 


1.37 Exercise. Find integers x and y such that 162x + 3ly = 1. 


This example is actually a special case of a general theorem that relates 
relatively prime numbers to integer solutions of equations. 

Note: In the next theorem, remember as before that an “if and only if” 
theorem statement is really two separate theorems. As usual, to keep things 
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clear, it’s a good practice to write each down separately. We have done that 
for you again in this case to illustrate the practice. 


Theorem. Let a and b be integers. Then a and b are relatively prime 
(i.e, (a,b) = 1) if and only if there exist integers x and y such that 
ax + by =1. 


Here, written separately, are the two theorems you must prove: 


1.38 Theorem. Let a and b be integers. If (a,b) = 1, then there exist 
integers x and y such that ax + by = 1. 

(Hint: Use the Euclidean Algorithm. Do some examples by taking some 
pairs of relatively prime integers, applying the Euclidean Algorithm, and 
seeing how to find the x and y. It is a good idea to start with an example 
where the Euclidean Algorithm takes just one step, then do an example 
where the Euclidean Algorithm takes two steps, then three steps, then look 
for a general procedure.) 


1.39 Theorem. Let a and b be integers. If there exist integers x and y 
with ax + by = 1, then (a,b) = 1. 


Once we have proved a theorem, we seek to find extensions or variations 
of it that are also true. In this case, we have just proved a theorem about 
relatively prime numbers. So it is natural to ask what we can say in the case 
that a pair of numbers is not relatively prime. We find that an analogous 
theorem is true. 


1.40 Theorem. For any integers a and b not both 0, there are integers x 
and y such that 
ax + by = (a,b). 


The following three theorems appear here for two reasons; one, because 
you might use some of the previous results to prove them, and, two, because 
they will be useful for theorems to come. 


1.41 Theorem. Let a, b, and c be integers. If albc and (a,b) = 1, then 
alc. 


1.42 Theorem. Let a, b, and n be integers. If a|n, b|n and (a,b) = 1, 
then ab|n. 


1.43 Theorem. Let a, b, and n be integers. If (a,n) = 1 and (b,n) = 1, 
then (ab,n) = 1. 
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Our analysis so far of linear Diophantine equations will now prove to be 
quite useful in resolving our outstanding concern with cancellation in mod- 
ular arithmetic. Recall your work in Question 1.20. Hopefully you showed 
the existence of integers a, b, c, and n (c not 0) for which ac = be 
(mod 7) and yet a is not congruent to b modulo n. 


1.44 Question. What hypotheses about a, b, c, and n could be added so 
that ac = bc (mod n) would imply a = b (mod n)? State an appropriate 
theorem and prove it before reading on. 


The next theorem answers the previous question, so be sure to answer 
Question 1.44 before reading further. The answer involves the concept of 
being relatively prime. 


1.45 Theorem. Let a, b, c and n be integers with n > 0. If ac = bc 
(mod n) and (c,n) = 1, thena = b (mod n). 


Theorems 1.39 and 1.40 begin to address the question: Given integers 
a, b, and c, when do there exist integers x and y that satisfy the equation 
ax + by = c? When we seek integer solutions to an equation, the equation 
is called a Diophantine equation. 


1.46 Question. Suppose a, b, and c are integers and that there is a solution 
to the linear Diophantine equation 


ax+by=c, 


that is, suppose there are integers x and y that satisfy the equation ax + 
by =. What condition must c satisfy in terms of a and b? 


1.47 Question. Can you make a conjecture by completing the following 
statement? 


Conjecture. Given integers a, b, and c, there exist integers x and y that 
satisfy the equation ax + by = c if and only if 


Try to prove your conjecture before reading further. 

The following theorem summarizes the circumstances under which an 
equation ax + by = c has integer solutions. It is an “if and only if” 
theorem, so, as always, you should write down the two separate theorems 
that must be proved. 


1.48 Theorem. Given integers a, b, and c with a and b not both 0, there 
exist integers x and y that satisfy the equation ax + by = c if and only if 
(a, b)\c. 
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This theorem tells us under what conditions our linear equation has any 
solution; however, it does not tell us about all the solutions that such an 
equation might have, so it brings up a question. 


1.49 Question. For integers a, b, and c, consider the linear Diophantine 
equation 
ax+by=c. 


Suppose integers x9 and yo satisfy the equation, that is, axo + byo = c. 
What other values 


x=xothandy=yotk 


also satisfy ax + by = c? Formulate a conjecture that answers this ques- 
tion. Devise some numerical examples to ground your exploration. For 
example, 6(—3) + 15-2 = 12. Can you find other integers x and y such 
that 6x + 15y = 12? How many other pairs of integers x and y can you 
find? Can you find infinitely many other solutions? 


The following question was devised by the famous mathematician Leon- 
hard Euler (1707-1783). It presents a real life situation involving horses 
and oxen so that we can all identify with the problem. Can you see how 
Euler’s problem is related to the preceding questions? 


1.50 Exercise (Euler). 4A farmer lays out the sum of 1,770 crowns in 
purchasing horses and oxen. He pays 31 crowns for each horse and 21 
crowns for each ox. What are the possible numbers of horses and oxen 
that the farmer bought? 


The following theorem shows you how to generate many solutions to our 
linear Diophantine equation, once you have one solution. 


1.51 Theorem. Let a, b, c, Xo, and yo be integers with a and b not both 
0 such that axo + byo = c. Then the integers 


a 


(a,b) 


Xx =Xo+ 


b 
(a, b) = Nae 


also satisfy the linear Diophantine equation ax + by =c. 


This theorem leaves open the question of whether this method of gener- 
ating alternative solutions generates all the solutions or whether there are 
yet more solutions. 
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1.52 Question. [f a, b, and c are integers with a and b not both 0, and 
the linear Diophantine equation 


ax+by=c 


has at least one integer solution, can you find a general expression for all 
the integer solutions to that equation? Prove your conjecture. 


The following theorem answers this question. It is actually two sepa- 
rate theorems that need two separate proofs. The first theorem says that 
certain numbers are solutions to ax + by = c. The second theorem, in 
the “Moreover” sentence, requires you to prove that no additional solutions 
exist. 


1.53 Theorem. Let a, b, and c be integers with a and b not both 0. If 
xX = Xo, Y = Yo is an integer solution to the equation ax + by = c (that 
is, AXq + byo = c) then for every integer k, the numbers 


i kb d ka 

x = Xo + ——~ and y = yo —- ——~ 

We Gy oo aD 

are integers that also satisfy the linear Diophantine equation ax +by = c. 
Moreover, every solution to the linear Diophantine equation ax + by =c 


is of this form. 
1.54 Exercise. Find all integer solutions to the equation 24x + 9y = 33. 


The previous theorem completes our analysis of the linear Diophantine 
equation 
ax+by=c. 


The analysis of the solutions of that Diophantine equation made good 
use of the greatest common divisor. We can now prove a theorem about 
greatest common divisors that might have been difficult to prove before 
we analyzed these Diophantine equations. However, it might be interesting 
to try to prove this simple sounding statement without using our theorems 
about Diophantine equations. 


1.55 Theorem. /f a and b are integers, not both 0, and k is a natural 
number, then 


gcd(ka, kb) = k - gcd(a,b). 


We complete the chapter by taking the idea of greatest common divisor 
and considering a related idea. Common divisors of two numbers divide 
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both numbers. A sort of opposite question is this: Suppose you are given 
two natural numbers. What numbers do those two numbers both divide; in 
other words, can we describe their common multiples? In particular, what 
is the least, common, positive multiple of two natural numbers? The first 
challenge is to write an appropriate definition. 


1.56 Exercise. For natural numbers a and b, give a suitable definition 
for “least common multiple of a and b”’, denoted \cm(a, b). Construct and 
compute some examples. 


The following theorem relates the ideas of the least common multiple 
and the greatest common divisor. 


1.57 Theorem. [fa and b are natural numbers, then gcd(a, b)-lcem(a, b) = 
ab. 


The next result is a corollary of Theorem 1.57. A corollary is a result 
whose proof follows directly from the statement of a previous theorem. 


1.58 Corollary. [fa and b are natural numbers, then \cm(a, b) = ab if 
and only if a and b are relatively prime. 


After completing a body of work, it is satisfying and helpful to put 
together the ideas in your mind. We urge you to take that step by considering 
the following question. 


1.59 Blank Paper Exercise. After not looking at the material in this chap- 
ter for a day or two, take a blank piece of paper and outline the development 
of that material in as much detail as you can without referring to the text 
or to notes. Places where you get stuck or can’t remember highlight areas 
that may call for further study. 


Linear Equations Through the Ages 


Apart from introducing key concepts we will use throughout our investi- 
gations in number theory, we found in this chapter a complete solution to 
the linear Diophantine problem. What do we mean by “complete”? Given 
a linear equation ax + by =c we can 


1. determine whether or not the equation has integer solutions, 
2. find an integer solution when one exists, 


3. use a given solution to completely describe a// integer solutions. 


24 Number Theory Through Inquiry 


We will see in later chapters that such a degree of success in providing a 
complete solution to a Diophantine equation is not always so simple. 

Problems of finding integer solutions to polynomial equations with integer 
coefficients have been dubbed Diophantine problems. Little is known of 
the Greek mathematician Diophantus of Alexandria. He most likely lived 
during the 3rd century A.D. (200-284 A.D.), and most of what survives 
from him today are six books from his treatise Arithmetica, a collection of 
130 problems giving integer and rational solutions to equations. But unlike 
our results of this chapter, Diophantus was more concerned with particular 
problems and solutions rather than general methods. 

General methods for finding solutions to linear Diophantine equations 
were first given by Indian mathematicians in the 5th century A.D. Notably, 
Aryabhata (476-550 A.D.), whose method of solving linear Diophantine 
equations translates as “pulverizer”, and later, Brahmagupta (598-670 A.D.) 
described such procedures. For Aryabhata, the problem arose through the 
following consideration: can we find an integer n which when divided by 
a leaves a remainder r and when divided by 6 leaves a remainder r’? The 
problem’s conditions can be translated into the following pair of equations 


n=ax +7, 


n=by+r'. 


Equating the right-hand sides, and setting c = r’ —r, gives the linear 
Diophantine equation 
ax —by =c. 


Progress did not occur in Western Europe for another 1000 years. It was 
not until the 17th century that their mathematicians began to piece together 
the solution as we have presented it in this chapter. Claude Bachet (1581-— 
1638), most famous for his Latin translation of Diophantus’ Arithmetica, 
rediscovered in 1621 a general method of finding a solution to ax = by+1 
when a and J are relatively prime. He employed a method much like ours, 
using the division algorithm repeatedly until a remainder of | is reached. 
Bachet then performed a sequence of “back substitutions” in a special way 
so as to avoid the need of negative numbers (which were not yet in common 
use). 

Leonhard Euler may have been the first to give an actual proof that if a 
and b are relatively prime, then ax + by = c is solvable in integers. What 
Euler in fact demonstrated is that the quantities c—ka, k =0,1,...,b—-1 
give b distinct remainders when divided by b. In particular, one, say c—k’a, 
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yields a remainder of 0; that is, c— k’a is equal to a multiple of b. Setting 
c —k’'a = nb then gives the solution x = k’ and y = n. 

Joseph Lagrange (1736-1830), who also proved a version of Euler’s 
result, went a step further to describe all integer solutions in terms of a 
given one. Perhaps he summed up the history of this problem best in stating 
that his method is “essentially the same as Bachet’s, as are also all methods 
proposed by all mathematicians.” 


SS lttt™s 
Prime Time 


The Prime Numbers 


One of the principal strategies by which we come to understand our physical 
or conceptual world is to break things down into pieces, describe the most 
basic pieces, and then describe how those pieces are assembled to create the 
whole. Our goal is to understand the natural numbers, so here we adopt that 
reductionist strategy and think about breaking natural numbers into pieces. 

We begin by thinking about how natural numbers can be combined to 
create other natural numbers. The most basic method is through addition. 
So let’s think about breaking natural numbers into their most basic pieces 
from the point of view of addition. What are the ‘elements’ so to speak with 
respect to addition of natural numbers? The answer is that there is only one 
element, the number 1. Every other natural number can be further broken 
down into smaller natural numbers that add together to create the number we 
started with. Every natural number is simply the sum of 1+ 1+1+---+1. 
Of course, this insight isn’t too illuminating since every natural number 
looks very much like any other from this point of view. However, it does 
underscore the most basic property of the natural numbers, namely, that 
they all arise from the process of just adding 1 some number of times. In 
fact, this property of natural numbers lies at the heart of inductive processes 
both for constructing the natural numbers and often for proving theorems 
about them. 

A more interesting way of constructing larger natural numbers from 
smaller ones is to use multiplication. Let’s think about what the elementary 
particles, so to speak, are of the natural numbers with respect to multipli- 
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cation. That is, what are the natural numbers that cannot be broken down 
into smaller natural numbers through multiplication. What natural numbers 
are not the product of smaller natural numbers? The answer, of course, is 
the prime numbers. 

The study of primes is one of the main focuses of number theory. As we 
shall prove, every natural number greater than 1 is either prime or it can 
be expressed as a product of primes. Primes are the multiplicative building 
blocks of all the natural numbers. 

The prime numbers give us a world of questions to explore. People have 
been exploring primes for literally thousands of years, and many questions 
about primes are still unanswered. We will prove that there are infinitely 
many primes, but how are they distributed among the natural numbers? 
How many primes are there less than a natural number n? How can we 
find them? How can we use them? These questions and others have been 
among the driving questions of number theory for centuries and have led 
to an incredible amount of beautiful mathematics. 

New concepts in mathematics open frontiers of new questions and un- 
charted paths of inquiry. When we think of an idea, like the idea of prime 
numbers, we can pose questions about them to integrate the new idea with 
our already established web of knowledge. New mathematical concepts then 
arise by making observations, seeing connections, clarifying our ideas by 
making definitions, and then making generalizations or abstractions of what 
we have observed. 

When we have isolated a concept sufficiently to make a definition, then 
we can state new theorems. We will see not only new theorems, but also 
new types of proof. 

All proofs are simply sequences of statements that follow logically from 
one another, but one structure of proof that you will develop and use in this 
chapter and future chapters is proof by induction. You will naturally come 
up with inductive styles of proving theorems on your own. In fact you may 
already have used this kind of argument in the last chapter, for example, 
in proving that the Euclidean Algorithm works. Inductive styles of proof 
are so useful that it is worthwhile to reflect on the logic involved. We have 
included an appendix that describes this technique of proof, and this may 
be a good time to work through that appendix. 


Fundamental Theorem of Arithmetic 


The role of definitions in mathematics cannot be overemphasized. They al- 
low us to be precise in our language and reasoning. When a new definition 
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is introduced, you should take some time to familiarize yourself with its de- 
tails. Try to get comfortable with its meaning. Look at examples. Memorize 
it. 


Definition. A natural number p > | is prime if and only if p is not the 
product of natural numbers less than p. 


Definition. A natural number n is composite if and only if n is a product 
of natural numbers less than n. 


The following theorem tells us that every natural number larger than 1 
has at least one prime factor. 


2.1 Theorem. [fn is a natural number greater than 1, then there exists a 
prime p such that p|n. 


To get accustomed to primes, it’s a good idea to find some. 


2.2 Exercise. Write down the primes less than 100 without the aid of a 
calculator or a table of primes and think about how you decide whether 
each number you select is prime or not. 


You probably identified the primes in the previous exercise by trial di- 
vision. For example, to determine whether or not 91 was prime, you might 
have first tried dividing it by 2. Once convinced that 2 does not divide 91, 
you probably moved on to 3; then 4; then 5; then 6. Finally, you reached 7 
and discovered that in fact 91 is not a prime. You were probably relieved, as 
you might have secretly feared that you would have to continue the daunt- 
ing task of trial division 91 times! The following theorem tells us that you 
need not have been too concerned. 


2.3 Theorem. 4 natural number n > 1 is prime if and only if for all primes 
p< Jn, p does not divide n. 


2.4 Exercise. Use the preceding theorem to verify that 101 is prime. 


The search for prime numbers has a long and fascinating history that 
continues to unfold today. Recently the search for primes has taken on 
practical significance because primes are used everyday in making internet 
communications secure, for example. Later, we will investigate ways that 
primes are used in cryptography. And we’ll see some modern techniques 
of identifying primes. But let’s begin with an ancient method for finding 
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primes. The following exercise introduces a very early method of identifying 
primes attributed to the scholar Eratosthenes (276-194 BC). 


2.5 Exercise (Sieve of Eratosthenes). Write down all the natural numbers 
from | to 100, perhaps on a 10x 10 array. Circle the number 2, the smallest 
prime. Cross off all numbers divisible by 2. Circle 3, the next number that 
is not crossed out. Cross off all larger numbers that are divisible by 3. 
Continue to circle the smallest number that is not crossed out and cross 
out its multiples. Repeat. Why are the circled numbers all the primes less 
than 100? 


With our list of primes, we can begin to investigate how many primes 
there are and what proportion of natural numbers are prime. 


2.6 Exercise. For each natural number n, define n(n) to be the number 
of primes less than or equal to n. 


1. Graph n(n) for n = 1,2,..., 100. 


2. Make a guess about approximately how large m(n) is relative ton. In 
particular, do you suspect that —— is generally an increasing function 
or a decreasing function? Do you suspect that it approaches some 
specific number (as a limit) as n goes to infinity? Make a conjecture 
and try to prove it. Proving your conjecture is a difficult challenge. 
You might use a computer to extend your list of primes to a much 


larger number and see whether your conjecture seems to be holding 
up. 


Mathematicians do not give out the title of “Fundamental Theorem” too 
often. In fact, you may have only come across one or two in your lifetime 
(the Fundamental Theorem of Algebra and the Fundamental Theorem of 
Calculus come to mind). We might think of such theorems as somehow very 
important. If so, we would be correct. What makes a theorem important? 
One answer might be that it captures a basic relationship and that it is widely 
applicable to explaining a broad range of mathematics. We will see that the 
Fundamental Theorem of Arithmetic certainly possesses these qualities. 

We will write the Fundamental Theorem of Arithmetic in two parts: the 
Existence part and the Uniqueness part. The Existence part says that every 
natural number bigger than 1 can be written as the product of primes and 
the Uniqueness part says basically that there is only one way to do so. For 
example, 24 = 23-3 = 3-23. 
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2.7 Theorem (Fundamental Theorem of Arithmetic—Existence Part). Ev- 
ery natural number greater than | is either a prime number or it can be 
expressed as a finite product of prime numbers. That is, for every natural 
number n greater than 1, there exist distinct primes P1, Pp2,..., Pm and 
natural numbers 11,12,...,lm such that 


ae PL APD: r 
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The following lemma might be helpful in proving the Uniqueness part of 
the Fundamental Theorem of Arithmetic. A lemma is actually a theorem, but 
it is designed to be a step towards the proof of a more important theorem. 


2.8 Lemma. Let p and q1,q2,...,Qn all be primes and let k be a natural 
number such that pk = q1q2°--qn. Then p = q; for some i. 


2.9 Theorem (Fundamental Theorem of Arithmetic—Uniqueness part). Let 
n be a natural number. Let {p1, p2,..-, Pm} and {q1,q2,-.--,9s} be sets 
of primes with pi # p; ifi # j and qi Aq; ifi F j. Let {ri,12,..., 1m} 
and {t,,t2,...,ts} be sets of natural numbers such that 


—. il 2 r, 
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Then m = s and {pj, p2,.--, Pm} = {41,92,---,4s}. That is, the sets 
of primes are equal but their elements are not necessarily listed in the 
same order; that is, pj may or may not equal q;. Moreover, if pi = qj; 
then r; = t;. In other words, if we express the same natural number as 
a product of powers of distinct primes, then the expressions are identical 
except for the ordering of the factors. 


Putting the existence and uniqueness parts together, we get the whole 
formulation of the Fundamental Theorem of Arithmetic: 


Theorem (Fundamental Theorem of Arithmetic). Every natural number 
greater than | is either a prime number or it can be expressed as a finite 
product of prime numbers where the expression is unique up to the order 
of the factors. 


Let’s take a moment to think through a little issue about our definition 
of “prime.” Humans make decisions about what definitions to make. Let’s 
think about the choices we made in defining “prime.” One notion of “prime” 
is the inability to further decompose. Surely 1 meets this criterion. Yet our 
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choice of definition of prime omits 1. What is the advantage to not choosing 
to include | among the prime numbers? If 1 were called a prime, why would 
the Fundamental Theorem of Arithmetic no longer be true? 

The Fundamental Theorem of Arithmetic tells us that every natural num- 
ber bigger than | is a product of primes. Here are some exercises that help 
to show what that means in some specific cases. 


2.10 Exercise. Express n = 12! as a product of primes. 
2.11 Exercise. Determine the number of zeroes at the end of 25}. 


The Fundamental Theorem of Arithmetic says that for any natural number 
n > | there exist distinct primes {p1, p2,..., Pm} and natural numbers 
{11,12,-..,1m} such that 


> SL, 2: r, 
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and moreover, the factorization is unique up to order. When the p; are 
ordered so that py < p2 <-++: < Pm we will say that p;'p3?-++ pm” is the 
unique prime factorization of n. 


Applications of the Fundamental Theorem of Arithmetic 


One application of the Fundamental Theorem of Arithmetic is that if we 
know the prime factorizations of two natural numbers, it is a simple matter 
to determine whether one divides the other. The following is a characteri- 
zation of divisibility in terms of primes. There are lots of letters and lots of 
subscripts, but once understood, this theorem makes sense. 


2.12 Theorem. Let a and b be natural numbers greater than | and let 
Di! Py + Pri" be the unique prime factorization of a and let qq? -+-q¢ 
be the unique prime factorization of b. Then a\b if and only if for alli <m 


there exists a j < s such that pj = qj and 7; < tj. 


Prime factorizations make it easy to prove some assertions that might 
otherwise be more difficult. 


2.13 Theorem. /f a and b are natural numbers and a?\b”, then a\b. 


Prime factorizations can help us to find the greatest common divisor and 
least common multiple of two natural numbers. Here are some examples. 


2.14 Exercise. Find (3!4 - 722-115-173, 52-114 138-17). 
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2.15 Exercise. Find lom(3!4 - 722-115 - 173, 52 - 114 - 138 - 17). 


After doing some examples, we instinctively seek the general pattern. 
That is, we seek to make a general statement that captures the reason that 
the method we used in the specific examples works. 


2.16 Exercise. Make a conjecture that generalizes the ideas you used to 
solve the two previous exercises. 


2.17 Question. Do you think this method is always better, always worse, or 
sometimes better and sometimes worse than using the Euclidean Algorithm 
to find (a,b)? Why? 


The following theorem requires a clever use of the Fundamental Theorem 
of Arithmetic. 


2.18 Theorem. Given n+1 natural numbers, say a1, d2,...,4n+1, all less 
than or equal to 2n, then there exists a pair, say a; and aj withi # j, 
such that a;|a;. 


The Fundamental Theorem of Arithmetic can be used to prove that certain 
equations do not have integer solutions. 


2.19 Theorem. There do not exist natural numbers m and n such that 
Tm =n”. 
2.20 Theorem. There do not exist natural numbers m and n such that 


24m3 = n?3. 


Up to this point we have been talking exclusively about natural numbers 
and integers. Our insights into natural numbers and integers can actually 
help us to understand more general kinds of numbers such as rational num- 
bers and irrational numbers. 


Definition. A rational number is a real number that can be written as $ 
where a and BD are integers and b $ 0. 


Definition. A real number that is not rational is irrational. 


The next theorems ask you to prove that certain specific numbers are 
irrational. 


2.21 Exercise. Show that J7 is irrational. That is, there do not exist 
natural numbers n and m such that /7 = a 
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2.22 Exercise. Show that 12 is irrational. 
2.23 Exercise. Show that 73 is irrational. 


Having proved some specific numbers are irrational we take the usual 
step of generalizing our insights as far as possible. 


2.24 Question. What other numbers can you show to be irrational? Make 
and prove the most general conjecture you can. 


Let’s now return to the world of integers. The following was a theorem 
we first proved in Chapter 1. Here we repeat the theorem with the idea that 
the Fundamental Theorem of Arithmetic might help to provide an alternative 
proof. 


2.25 Theorem. Let a, b, and n be integers. If a|n, b|n, and (a,b) = 1, 
then ab|n. 


Integers are either divisible by a prime p or are relatively prime to p. 


2.26 Theorem. Let p be a prime and let a be an integer. Then p does not 
divide a if and only if (a, p) = 1. 


Notice that 9|(6- 12) and yet 9 does not divide either 6 or 12. However, 
if a prime divides a product of two integers, then it must divide one or the 
other. 


2.27 Theorem. Let p be a prime and let a and b be integers. If p|ab, 
then pla or p|b. 


The following theorems explore the relationships among the greatest com- 
mon divisor and various arithmetic operations. You might consider proving 
them in at least two ways, one using the Fundamental Theorem of Arith- 
metic and one using the techniques from Chapter 1. 


2.28 Theorem. Let a, b, and c be integers. If (b,c) = 1, then (a, bc) = 
(a,b) - (a,c). 


2.29 Theorem. Let a, b, and c be integers. If (a,b) = 1 and (a,c) = 1, 
then (a, bc) = 1. 


2.30 Theorem. Let a and b be integers. If (a,b) = d, then (4, 5) = 1. 
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2.31 Theorem. Let a, b, u, and v be integers. If (a,b) = 1 and ula and 
v|b, then (u,v) = 1. 


The infinitude of primes 


One of the most basic questions we can ask about prime numbers is, “How 
many are there?” In this section, we will prove that there are infinitely 
many. To prove that there are infinitely many primes, we need to show that 
there are large natural numbers that are not the product of smaller natural 
numbers. Our first observation points out that consecutive natural numbers 
cannot share common divisors greater than 1. 


2.32 Theorem. For all natural numbers n, (n,n + 1) = 1. 


Can you think of a natural number that is divisible by 2, 3, 4, and 5? Can 
you think of a natural number that has a remainder of 1 when divided by 
2, 3, 4, and 5? If you think of systematic ways to answer these questions, 
you will be well on your way to proving the following theorem. 


2.33 Theorem. Let k be a natural number. Then there exists a natural 
number n (which will be much larger than k) such that no natural number 
less than k and greater than | divides n. 


The previous theorem shows us how to produce natural numbers that are 
specifically not divisible by certain natural numbers. This insight helps us 
to find natural numbers that are not divisible by any natural numbers other 
than themselves and 1, in other words, primes. 


2.34 Theorem. Let k be a natural number. Then there exists a prime larger 
than k. 


The Infinitude of Primes Theorem is one of the basic results of math- 
ematics. It was proved in ancient times and is recognized as one of the 
foundational theorems about numbers. At first you might think, “Of course, 
there must be infinitely many primes. How could there not be infinitely 
many primes since there are infinitely many natural numbers?” But remem- 
ber that the same prime can be used many times. For example, we can 
construct arbitrarily large natural numbers just by raising 2 to large pow- 
ers. So it is conceivable that some finite number of primes would suffice 
to produce all natural numbers. However, in fact there are infinitely many 
primes, as you will now prove. 
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2.35 Theorem (Infinitude of Primes Theorem). There are infinitely many 
prime numbers. 


After you have devised a proof or proofs or learned a proof, it is satisfying 
to reflect on the logic of the argument and celebrate and appreciate the 
beauty or cleverness of the reasoning. 


2.36 Question. What were the most clever or most difficult parts in your 
proof of the Infinitude of Primes Theorem? 


One of the principal ways that new mathematics is created is to take one 
result and see whether it can be extended or variations of it can be proved. In 
the case of the Infinitude of Primes, we can ask whether there are infinitely 
many primes of a certain type. We begin by making an observation about 
numbers congruent to 1 modulo 4, which then will help us to prove that 
there are infinitely many primes of the form 4k + 3. 


2.37 Theorem. /f7,,12,...,%m are natural numbers and each one is con- 
gruent to 1 modulo 4, then the product r\r2---tm is also congruent to 1 
modulo 4. 


To prove the following theorem, remember the proof of the Infinitude of 
Primes Theorem and see how the strategy of that proof might be adapted 
to prove the following harder theorem. 


2.38 Theorem (Infinitude of 44 + 3 Primes Theorem). There are infinitely 
many prime numbers that are congruent to 3 modulo 4. 


When you have proved the previous theorem, you will have forced your- 
self to understand a technique of proving theorems about the existence of 
infinitely many primes of a certain type. Now is the time to see how far that 
technique can be pushed. In other words ask yourself how many theorems 
like the preceding one are provable using a similar idea. 


2.39 Question. Are there other theorems like the previous one that you can 
prove? 


In fact, the following much more general theorem is true. Its proof in its 
full generality, however, is quite difficult and we will not attempt it in this 
course. 


Theorem (Infinitude of ak + b Primes Theorem). Ifa and b are relatively 
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prime natural numbers, then there are infinitely many natural numbers k 
for which ak + b is prime. 


The previous theorem is often called Dirichlet’s Theorem on primes in 
an arithmetic progression and is due to Lejeune Dirichlet (1805-1859). 
An arithmetic progression is a sequence of numbers of the form ak + b, 
k = 0,1,2,..., where b is any integer and a is a natural number. It is a 
sequence of numbers all of which are congruent to b modulo a. The study 
of primes in arithmetic progressions is still an active field today. Consider 
the following recent result due to Ben Green and Terence Tao. 


Theorem (Green and Tao, 2005). There are arbitrarily long arithmetic 
progressions of primes. 


This means that for any natural number n there exists a prime p and a 
natural number a such that p, p +a, p+ 2a, p+ 3a,..., p+na are 
all prime. As an example, an arithmetic progression of primes of length 
five is found by choosing p = 5 and a = 6, which yields the sequence 
5, 11, 17, 23,29. The longest known arithmetic progression of primes as of 
July of 2004 has length 23 and is given by 


56211383760397 + k44546738095860, k = 0,...,22. 


Terence Tao was awarded a Fields medal in part for his work related to 
this result. Fields medals, the mathematical equivalent of the Nobel prize, 
are awarded once every four years to outstanding mathematicians under the 
age of 40. 


2.40 Exercise. Find the current record for the longest arithmetic progres- 
sion of primes. 


Primes of special form 


The largest known prime is of a special type known as a Mersenne prime, 
which is a prime of the form 2” — 1. The theorems here show some features 
of Mersenne primes and related primes. 


2.41 Exercise. Use polynomial long division to compute (x™ —1)~+(x—1). 


2.42 Theorem. /f7 is a natural number and 2” —| is prime, then n must 
be prime. 
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2.43 Theorem. /fn is a natural number and 2” + | is prime, then n must 
be a power of 2. 


Definition. A Mersenne prime is a prime of the form 2” — 1, where p is 
a prime. A prime of the form 2" +1 is called a Fermat prime. 


2.44 Exercise. Find the first few Mersenne primes and Fermat primes. 


2.45 Exercise. For an A in the class and a Ph.D. in mathematics, prove 
that there are infinitely many Mersenne primes (or Fermat primes) or prove 
that there aren’t (your choice). 


The distribution of primes 


We now know that there are infinitely many primes, but in a sense that 
information is a rather crude measure of how the primes appear among 
the natural numbers. We could ask other questions such as roughly what 
fraction of the natural numbers are prime? And we might wonder whether 
the primes occur in some sort of pattern. To investigate how the primes 
are distributed among the natural numbers, let’s begin by looking at some 
ranges of natural numbers with the primes printed in bold: 


1,2,3,4,5, 6,7, 8,9, 10, 11, 12,13, 14, 15, 16, 17, 18, 19, 20, 21, 


22, 23, 24,..., 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 
310, 311, 312, 313, 314, 315, 316,..., 2025, 2026, 2027, 2028, 
2029, 2030, 2031, 2032, 2033, 2034, 2035, 2036, 2037, 2038, ... 


What observations can we make? First, we may notice that the proportion 
of bold numbers occurring seems to be getting smaller. That is, primes tend 
to be more sparse as we move further out into the sequence of natural 
numbers. We tend to see longer and longer runs of consecutive composite 
numbers. In fact, there is no limit to the length of strings of composite 
numbers. 


2.46 Theorem. There exist arbitrarily long strings of consecutive compos- 
ite numbers. That is, for any natural number n there is a string of more 
than n consecutive composite numbers. 


On the other hand, we still observe pairs of primes separated by just 
one even number, such as 311 and 313, or 2027 and 2029. One of the 
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most famous unanswered questions in number theory asks whether or not 
this behavior continues indefinitely. If you have already settled the previous 
question about Mersenne primes, then solving the following question will 
give you another Ph.D. 


2.47 Question (The Twin Primes Question). Are there infinitely many pairs 
of prime numbers that differ from one another by two? (The pairs 11 and 
13, 29 and 31, 41 and 43 are examples of such twin primes.) 


Out of the first 24 natural numbers, 9 of them are primes—that’s just a 
little over one third. We saw how this fraction changes as n increases in 
the Sieve of Eratosthenes exercise. 

Suppose someone asked you to write down all the primes less than 100 
million without the aid of a calculator or a computer. With a pencil and pa- 
per, you would find that task to be tedious and prone to error; however, that 
was the challenge facing mathematicians before the advent of modern com- 
puting machinery. Surely one of the most amazing feats of prime-finding 
before computers was completed in about 1863, when J.P. Kulik finished 
his 20-year project of finding the least prime factor of every natural num- 
ber up to 100 million. Our sadness in losing the volume of Kulik’s work 
that contained the natural numbers between 12,642,600 and 22,852,800 is 
somewhat lessened by the fact that his work was full of errors and that a 
modern computer could reproduce the whole work in a matter of seconds. 

The significance of computing lists of primes before the invention of 
computers and even before Kulik’s work is that those lists allowed mathe- 
maticians to gain some intuition about the distribution of primes. 

As we observed above, the proportion of primes seems to slowly go 
downward. That is, the percentage of numbers less than a million that are 
prime is smaller than the percentage of numbers less than a thousand that 
are prime. The primes, in some sense, get sparser and sparser among the 
bigger numbers. That observation was greatly refined in the 1790s by Carl 
Friedrich Gauss (1777-1855), known by many as the Prince of Mathemat- 
ics, and Adrien-Marie Legendre (1752-1833). They conjectured that the 
number of primes less than the natural number n, which is denoted by 
mt(n), is approximated by n divided by the natural logarithm of n. Using 
computers, we can produce evidence that the proportion of primes less than 
n becomes increasingly smaller as n increases. Table | also shows that the 


ratio between s(n) and the fraction oO) gets increasingly closer to 1. 


In 
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Po Eom 
In(u n/ In(n 
AB cs 0.92104... 
: pA ee eee 1.15133... 
168 168 144.7... 1.16054... 
1229 1229 1085.7... 1.13199... 


9592 .09592 8685.8... 1.10443... 
78498 .078498 72382.4... 1.08452... 
664579 .0664579 620420.7... 1.07121... 
5761455 | .05761455 | 5428681.0... 1.06144... 
50847534 | .050847534 | 48254942.4...}) 1.05385... 


Table 1. Prime Proportions 


The formal statement of these observations is called The Prime Number 
Theorem. We state it here, but the proofs of this theorem are difficult, and 
beyond the scope of this book. 


Theorem (The Prime Number Theorem). As n approaches infinity, the 
number of primes less than n, m(n), approaches aa)’ that is, 


rea 
n/ \n(n) 

Finally, we mention here one more famous open question concerning 
prime numbers. 


noo 


2.48 Exercise. Express each of the first 20 even numbers greater than 2 
as a sum of two primes. (For example: 8 = 5 + 3.) 


In a letter to Euler, dated June 7, 1742, Christian Goldbach (1690-1764) 
claimed that every natural number greater than 2 was the sum of three 
primes. It was convention at the time to include the number | as being 
among the primes. The conjecture was re-expressed by Euler as follows. 


Conjecture (The Goldbach Conjecture). Every positive, even number greater 
than 2 can be written as the sum of two primes. 


The Goldbach Conjecture has been verified by computer, as of June of 
2006, for all even numbers up to 400, 000, 000, 000, 000, 000. As the even 
numbers get larger, there seem to be more ways to write them as a sum of 
two primes. For example, the number 100,000,000 can be written as the 
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sum of two primes in 219,400 different ways. But no one knows how to 
prove that in general all even natural numbers are the sum of two primes. 
Perhaps some even number with 10 trillion digits is not the sum of two 
primes. Until we have a general method of proof that will apply to all even 
numbers, we will not know whether such a natural number exists or not. 


2.49 Blank Paper Exercise. After not looking at the material in this chap- 
ter for a day or two, take a blank piece of paper and outline the development 
of that material in as much detail as you can without referring to the text 
or to notes. Places where you get stuck or can’t remember highlight areas 
that may call for further study. 


From Antiquity to the Internet 


Interest in the multiplicative properties of the natural numbers surely pre- 
dated the works of Euclid (Elements, Books VII, VIII, IX), but it is here 
that we find the first written study. For example, Proposition 20 of Book IX 
gives the first known proof of the infinitude of primes. The ancient Greeks’ 
interest in the primes may have been further spawned by the connection 
they shared with perfect numbers. A natural number is said to be perfect 
if it is equal to the sum of its proper divisors. For example, the smallest 
perfect number is 6, since 6=1+2+3. We list the first four perfect numbers. 


6 = 27-1027 -1) = 14243 

28 = 29-123 —- 1) =1424447414 

496 = 29-127 — 1) = 1424448416431 + 62+ 1244 248 
8128 = 27-1(27-— 1) = 14244484 16+---+ 2032 + 4064 


In Book IX of his Elements Euclid proved the following: if for some n, 
2” — 1 is prime, then 2”~!(2” — 1) is perfect. This established the link 
between perfect numbers and primes of the form 2” — 1. 

The serious study of perfect numbers and primes of special forms was 
picked up again in the seventeenth century by the likes of Rene Descartes 
(1596-1650), Pierre de Fermat (1601-1665), and Marin Mersenne (1588- 
1648). In a 1638 letter to Mersenne, Descartes stated that he thought he 
could prove that every even perfect number was of the form given by 
Euclid’s theorem, but no proof was given. Also in a letter to Mersenne, 
dated 1640, Fermat indicated he had proved the following: if is composite, 
then 2” — 1 is composite; but if n is prime, then 2” — 1 need not be prime, 
with two examples being 2!! — 1 = 23-89, and 273 — 1 = 47- 178481. 
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In 1647 Mersenne gave the following list of 11 primes p for which he 
believed 2? — 1 was prime as well: 2, 3, 5, 7, 13, 17, 19, 31, 67, 127, 
257. He erred only by including 67 (and excluding 61, 89 and 107). To 
this day primes of the form 2” — | are called Mersenne primes, and it is 
still unknown whether infinitely many exist. In a posthumously published 
paper, Euler finally succeeded in proving that all even perfect numbers are 
of Euclid’s type, giving a one-to-one correspondence between Mersenne 
primes and even perfect numbers. Curiously, it is not known if any odd 
perfect numbers exist. 

The search for new Mersenne primes continues to this day. In fact, anyone 
with a home computer and an internet connection can join the Great Internet 
Mersenne Prime Search (GIMPS). Mersenne’s list has only been increased 
to contain 44 examples as of September, 2006, with the largest having over 
9.8 million digits. 


2.50 Exercise. Find the current record for the largest known Mersenne 
prime. 


There is a monetary award of $100,000 for the first person (or group) to 
find a Mersenne prime with at least 10 million digits. So happy hunting. 


SS tite 
A Modular World 


Thinking Cyclically 


In Chapter 1 we established the basics of modular arithmetic. Now we 
proceed to see how modular arithmetic relates to other familiar algebraic 
constructions such as functions and equations, and how it can help us to 
better understand primes and composite numbers. 

Modular arithmetic is interesting as an abstract topic in number theory, 
but it also plays important roles in real life. It is the basis for public key 
cryptography and check digits associated with error detection. Here we 
further develop the theory of modular arithmetic and later explore some of 
its applications outside mathematics. 


Powers and polynomials modulo n 


Recall the following definition of congruence from Chapter 1. 


Definition. Suppose that a, b, and n are integers with n > 0. We say that 
a and b are congruent modulo n if and only if n|(a — b). We denote this 
relationship as 

a=b (mod n) 


and read these symbols as “a is congruent to b modulo n.” 


Here are some exercises that will encourage you to refresh your memory 
about some of the modular arithmetic theorems that you proved back in 
Chapter 1. 


43 
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3.1 Exercise. Show that 41 divides 2?°—1 by following these steps. Explain 
why each step is true. 


1. 2° =—9 (mod 41). 

2. (2°)* = (—9)* (mod 41). 

3. 279 = 81? (mod 41) = (—1)? (mod 41). 
4, 2201 =0 (mod 41). 


3.2 Question. /n your head, can you find the natural number k, 0 <k < 
11, such that k = 37*°? (mod 12)? 

(Hint: Don’t try to multiply it out and then divide by 12. Of course, this 
hint is a rather lame joke, since if you could actually multiply 37*°? in 
your head, you would not be taking a number theory class. You would be 
performing mental feats in some carnival sideshow.) 


The next question continues to show you the value of thought (and mod- 
ular arithmetic) rather than brute force. 


3.3 Question. Jn your head or using paper and pencil, but no calculator, 
can you find the natural number k, 0 < k < 6, such that 2°° = k (mod 7)? 


The next question asks you to compute a larger power (453) of a number 
modulo 12. Try to think of how to do this efficiently. Here is a hint. If 
you want to raise a number to the 16th power, you can first square it, then 
square the result, then square the result, and then square the result. So only 
four multiplications accomplish raising to the 16th power, rather than using 
16 multiplications. Also, remember that you can reduce answers modulo 
12, so you never have to multiply numbers larger than 11. While doing the 
following exercise, think about systematizing your strategy. In particular, 
can you see why your strategy might involve expressing 453 as a sum of 
powers of 2? See whether you can do the following problem without ever 
multiplying numbers larger than 12 and without doing more than 10 steps 
of multiplying two numbers less than 12 and reducing the answers modulo 
12. 


3.4 Question. Using paper and pencil, but no calculator, can you find the 
natural number k, 0 < k < 11, such that 394°? = k (mod 12)? 


Now that you have developed the power to take powers, here is another 
exercise that takes advantage of your method. 
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3.5 Exercise. Show that 39 divides 1748 — 524. 


At this point, you have developed some ideas about how to efficiently 
raise numbers to powers in modular arithmetic. The next question asks you 
to crystallize your method and clearly describe it. 


3.6 Question (Describe technique). Let a, n, and r be natural numbers. 
Describe how to find the number k (0 < k < n—1) such that k = a" 
(mod n) subject to the restraint that you never multiply numbers larger 
than n and that you only have to do about log, r such multiplications. 


The technique you just developed and described allows computers to 
deal with taking very large numbers (containing several hundred digits) and 
raising them to huge powers modulo other enormous numbers. The ability 
of computers to deal with such arithmetical challenges turns out to be an 
essential ingredient in modern methods of secure data transmission used 
over the internet everyday. We will explore these methods, which involve 
cryptography, in a later chapter. 

We now turn our attention to polynomials and how they behave when 
viewed from a modular arithmetic point of view. We begin with a specific 
example. 


3.7 Question. Let f(x) = 13x49? —27x?7 + x!4 — 6. Is it true that 
£(98) = f(—100) (mod 99)? 


As usual, after doing a specific example, we think about what more 
general statement the specific example suggests. 


3.8 Theorem. Suppose f(x) = anx" +dy—1x"!+-+++aQ9 is a polynomial 
of degree n > 0 with integer coefficients. Let a, b, and m be integers with 
m > 0. Ifa = b (mod m), then f(a) = f(b) (mod m). 


The next corollaries are repeats of results from Chapter 1 about criteria 
for determining when a natural number is divisible by 3 or 9. Here you are 
being asked to recognize a natural number as the evaluation of a polynomial, 
and to deduce the subsequent statements from the previous theorem. 


3.9 Corollary. Let the natural number n be expressed in base 10 as 
nN = aKag-1...a1d9. 


Let m = ag + ag—1 +++: +41 +. Then 9|n if and only if 9|m. 
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3.10 Corollary. Let the natural number n be expressed in base 10 as 
nN = aKag-1...a1d9. 
Ifm = ag + ag—1 +-++ +41 +0. Then 3|n if and only if 3|m. 


During your work on Chapter 1, you may have devised other criteria for 
divisibility. If so, does this polynomial view of those divisibility theorems 
help you to see why your methods are true? Can you now think of new 
divisibility theorems like the above? 

The next two theorems do not involve modular arithmetic. They roughly 
state that every polynomial gets big. 


3.11 Theorem. Suppose f(x) = anx" + dyn—1x""! +++++ ao is a poly- 
nomial of degree n > 0 and suppose ay > 0. Then there is an integer k 
such that if x > k, then f(x) > 0. 


Note: We are only assuming that the leading coefficient a, is greater than 
zero. The other coefficients may be positive or negative or zero. 

The next theorem extends the idea that polynomials get positive and 
roughly states that not only do they get positive, but they get big and stay 
big from some point on. Notice that the theorem does not ask you to be 
efficient and find the first place after which the polynomial stays larger than 
some value. It just asks you to prove that eventually that happens. 


3.12 Theorem. Suppose f(x) = ayx" + dp—1x"! ++-+++ do is a polyno- 
mial of degree n > 0 and suppose ay > 0. Then for any number M there 
is an integer k (which depends on M) such that if x > k, then f(x) > M. 


The next theorem connects polynomials with primes. It says that every 
polynomial with integer coefficients produces many composite numbers. 
There is no polynomial that produces only primes. Too bad. In proving 
the next theorem, it might be useful to think about modular arithmetic. 
Remember that if a number is congruent to 0 modulo n, then n divides the 
number, and being divisible is the fundamental issue about being composite. 
The proof of the following theorem is a challenge, but if you look at it just 
right, then you can give a convincing proof. So the hint is to use Theorems 
3.8 and 3.12. 


3.13 Theorem. Suppose f(x) = dnx” + dn—1x"! +++++ dg is a polyno- 
mial of degree n > 0 with integer coefficients. Then f(x) is a composite 
number for infinitely many integers x. 
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Note: This theorem implies that we cannot find a magical polynomial 
that produces only prime values for every integer input. Nevertheless, some 
polynomials do pretty well. The polynomial f(x) = x? + x + 41 has 
a prime value (that is, f(7) is prime) for 80 consecutive integer inputs, 
n = —40, —39,...,38, 39. Try a few values to test this assertion. 

When we think of a natural number modulo n, it is congruent to some 
non-negative integer less than n. The next theorem pins that idea down. 


3.14 Theorem. Given any integer a and any natural number n, there exists 
a unique integer t in the set {0,1,2,...,n —1} such thata =t (mod n). 


This theorem suggests the following definition of one set of numbers to 
which every natural number is congruent. 


Definition. Let 1 be a natural number. The set {0,1,2,..., — 1} is the 
called the canonical complete residue system modulo n. 


There are other collections of integers besides the canonical complete 
residue system modulo with the property that they represent all integers 
modulo n. 


Definition. Let k and n be natural numbers. A set {a1,q2,...,a,} of 
integers is called a complete residue system modulo n if every integer is 
congruent modulo 7 to exactly one element of the set. 


Let’s get used to these definitions by looking at some examples and 
constructing complete residue systems. 


3.15 Exercise. Find three complete residue systems modulo 4: the canon- 
ical complete residue system, one containing negative numbers, and one 
containing no two consecutive numbers. 


3.16 Theorem. Let n be a natural number. Every complete residue system 
modulo n contains n elements. 


Arithmetic modulo n puts the integers into n different equivalence classes. 
A complete residue system modulo n has one representative of each equiv- 
alence class. Even if you don’t know the technical definition of equivalence 
class, the idea is just that the integers are divided into groups, namely, the 
integers congruent to 0, the integers congruent to 1, the integers congruent 
to 2, and so on up to the integers congruent to n — 1 modulo n. The fol- 
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lowing theorem says that any set of m non-congruent integers will form a 
complete residue system modulo n. 


3.17 Theorem. Let n be a natural number. Any set, {d,,d2,...,@n}, of n 
integers for which no two are congruent modulo n is a complete residue 
system modulo n. 


Linear congruences 


In the first chapter, we discussed some questions about finding solutions 
to linear Diophantine equations. Now we are going to take up analogous 
questions about finding solutions to equations in modular arithmetic. Specif- 
ically, our next goal is to determine when there are solutions to the general 
linear congruence 


ax =b (mod n) 


and how to find all the solutions. A solution is an integer value for x that 
makes the congruence true. We’ll start with some examples. 


3.18 Exercise. Find all solutions in the appropriate canonical complete 
residue system modulo n that satisfy the following linear congruences: 


1. 26x = 14 (mod 3). 
2. 2x =3 (mod 5). 
3. 4x =7 (mod 8). 


4. 24x = 123 (mod 213). (This congruence is tedious to do by trial and 
error, so perhaps we should defer work on it for now and instead try 
to develop some techniques that might help.) 


This next theorem clearly connects the question of how to solve linear 
congruences with the techniques of solving linear Diophantine equations 
that we developed in Chapter 1. 


3.19 Theorem. Let a, b, and n be integers with n > 0. Show that ax = b 
(mod n) has a solution if and only if there exist integers x and y such that 
ax+ny=b. 


These theorems will encourage you to remember your work from Chapter 
1. 
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3.20 Theorem. Let a, b, and n be integers with n > 0. The equation 
ax = b (mod n) has a solution if and only if (a,n)|b. 


Now we have a specific condition that tells whether a linear congruence 
will or will not have a solution. We can use this criterion to see whether 
our deferred congruence in Exercise 3.18 does or does not have a solution. 


3.21 Question. What does the preceding theorem tell us about the congru- 
ence (4) in Exercise 3.18 above? 


Now let’s actually solve the congruence in a systematic way. As usual, 
this work is tying back into the work we did in solving linear Diophantine 
equations in Chapter 1. 


3.22 Exercise. Use the Euclidean Algorithm to find a member x of the 
canonical complete residue system modulo 213 that satisfies 24x = 123 
(mod 213). Find all members x of the canonical complete residue system 
modulo 213 that satisfy 24x = 123 (mod 213). 


Having done a specific example, as usual we step back and try to describe 
a general procedure. 


3.23 Question. Let a, b, and n be integers with n > 0. How many solu- 
tions are there to the linear congruence ax = b (mod n) in the canonical 
complete residue system modulo n? Can you describe a technique to find 
them? 


The next theorem gives the answer, so try to think it through on your 
own before reading on. While thinking about this question, crystallizing the 
ideas about linear Diophantine equations will help. 


3.24 Theorem. Let a, b, and n be integers with n > 0. Then 
1. The congruence ax = b (mod n) is solvable in integers if and only 
if (a,n)|b; 
2. If Xo is a solution to the congruence ax = b (mod n), then all solu- 
tions are given by 


Xo + [= -m) (mod n) 
(a,n) 
form =0, 1, 2, ..., (a,n) —1,; and 


3. Ifax = b (mod n) has a solution, then there are exactly (a,n) solu- 
tions in the canonical complete residue system modulo n. 
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Systems of linear congruences: 
the Chinese Remainder Theorem 


Sometimes in real life, we are confronted with problems involving simulta- 
neous linear congruences. Something like the following has probably hap- 
pened to you. 


3.25 Exercise. A band of 17 pirates stole a sack of gold coins. When they 
tried to divide the fortune into equal portions, 3 coins remained. In the 
ensuing brawl over who should get the extra coins, one pirate was killed. 
The coins were redistributed, but this time an equal division left 10 coins. 
Again they fought about who should get the remaining coins and another 
pirate was killed. Now, fortunately, the coins could be divided evenly among 
the surviving 15 pirates. What was the fewest number of coins that could 
have been in the sack? 


Perhaps your experience is less violent and more bucolic. Eggs need 
counting too. 


3.26 Exercise (Brahmagupta, 7th century A.D.). When eggs in a basket are 
removed two, three, four, five or six at a time, there remain, respectively, 
one, two, three, four, or five eggs. When they are taken out seven at a time, 
none are left over. Find the smallest number of eggs that could have been 
contained in the basket. 


These exercises are challenging but fun to do. The question now is 
whether we can formulate general statements that tell us when solutions 
to such problems exist and how those solutions can be found. This first 
theorem gives a criterion for when we can find a single number that is 
congruent to two different values modulo two different moduli. That single 
number is called a solution to a system of two linear congruences. Later we 
will consider solutions to arbitrarily large systems of linear congruences. 


3.27 Theorem. Let a, b, m, and n be integers with m > 0 and n > 0. 
Then the system 
x 
x 


a (mod n) 
b (mod m) 


has a solution if and only if (n, m)|a — b. 


The next theorem asserts that in the case where (m,n) = 1, the solution 
is unique modulo the product mn. 
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3.28 Theorem. Let a, b, m, and n be integers with m > 0, n > 0, and 
(m,n) = 1. Then the system 


=a _ (mod n) 
=b (mod m) 


ey 


has a unique solution modulo mn. 


The most famous theorem along these lines is the Chinese Remainder 
Theorem. Here the moduli are relatively prime, but there can be any fi- 
nite number of them. The pirate problem is a Chinese Remainder Theorem 
problem in disguise (possibly with an eye patch). The Chinese Remainder 
Theorem involves L different linear congruences. Whenever you see a the- 
orem or a problem that has a potentially large natural number involved, it is 
a good idea to start thinking about the cases where L is | or 2 or 3. Doing 
those special cases is a great way to teach yourself how to do the general 
case. The previous theorem gets you started by doing the case L = 2. Also, 
you might think about induction in trying to then do the general case. 


3.29 Theorem (Chinese Remainder Theorem). Suppose nj,n2,...,nL are 
positive integers that are pairwise relatively prime, that is, (nj,nj) = 1 
fori # j,1<i,j < L. Then the system of L congruences 


xX =a, (mod 71) 
xX =a. (mod n2) 


x =az (mod nz) 


has a unique solution modulo the product nyn2n3---Nny. 


3.30 Blank Paper Exercise. After not looking at the material in this chap- 
ter for a day or two, take a blank piece of paper and outline the development 
of that material in as much detail as you can without referring to the text 
or to notes. Places where you get stuck or can’t remember highlight areas 
that may call for further study. 


A Prince and a Master 


Carl Friedrich Gauss, sometimes called the Prince of Mathematics, is con- 
sidered by many to be one of the greatest mathematicians in history, and it 
is to him that we owe the modern theory and notation of congruences (i.e., 
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modular arithmetic). His treatise Disquisitiones Arithmeticae, published in 
1801 when Gauss was just 24, brought together for the first time in one 
source the important number theory contributions of many previous math- 
ematicians, including Fermat, Euler, Joseph Lagrange, and Adrien-Marie 
Legendre. Some of Gauss’ own contributions to number theory will be 
treated in later chapters. 

Sun Zi wrote the Chinese treatise Sun Tze Suan Ching, which translates 
to Master Sun’s Mathematical Manual. He is assumed to have lived during 
either the third or fourth century AD. There is some evidence that he was 
a Buddhist monk, but little else is known of him. Master Sun’s manual is 
divided into three volumes, and Problem 26 from Volume 3 is translated 


We have a number of things, but we do not know exactly how many. 
If we count them by threes we have two left over. If we count them 
by fives we have three left over. If we count them by sevens we have 
two left over. How many things are there? 


You will of course recognize this as a problem requiring a solution to a 
system of linear congruences, not unlike Brahmagupta’s egg basket problem. 
It is because Sun Zi’s text provides the earliest known example of such a 
problem that the Chinese Remainder Theorem obtained its name. 


Sts 
Fermat’s Little Theorem 
and Euler’s Theorem 


Abstracting the Ordinary 


One way that mathematics is created is to abstract, change, or generalize 
some features of familiar mathematical objects and see what happens. For 
example, we started with the familiar idea of arithmetic with integers and 
then made some changes to consider modular arithmetic, a sort of cycli- 
cal version of arithmetic. Abstract algebra is a mathematical exploration of 
generalizations of various familiar ideas such as the integers, the rational 
numbers, the real numbers and their associated arithmetic operations and 
properties. By selectively focusing on some properties of these examples, 
abstract algebra constructs categories of algebraic entities including objects 
called groups, rings, and fields. Modular arithmetic provides us with ex- 
amples of some of these algebraic structures and illustrates some of the 
properties that lead to many fundamental ideas in abstract algebra. 
Solving the linear congruence 


ax =b (mod n) 


means finding a number that when added to itself a times results in b 
modulo n. In studying such congruences we are implicitly studying the 
results of repeated addition modulo n and patterns that this process might 
produce. Equally interesting, as well as fruitful, is the study of repeated 
multiplication modulo n, that is, taking powers of numbers and reducing 
those powers modulo n. The operations of addition and multiplication are 
so well understood in the natural numbers that looking at their behavior in 
modular arithmetic is a natural exploration to undertake. 
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Orders of an integer modulo n 


We begin here by exploring how powers of numbers behave modulo n. We 
will find a structure among numbers modulo n that is interesting in its own 
right, has applications in cryptography and coding among other fields, and 
leads to central ideas of group theory. As usual we will do some specific 
examples in order to help us develop some intuition about what we might 
expect. 


4.1 Exercise. For i = 0, 1, 2, 3, 4, 5, and 6, find the number in the canon- 
ical complete residue system to which 2' is congruent modulo 7. In other 
words, compute 2° (mod 7),2! (mod 7), 2? (mod 7),...,2° (mod 7). 


Taking powers of an integer cannot create common factors with another 
integer if none existed to start with. 


4.2 Theorem. Let a and n be natural numbers with (a,n) = 1. Then 
(a/ ,n) = 1 for any natural number j. 


Reducing a number modulo n cannot create a common factor with n. 


4.3 Theorem. Let a, b, and n be integers with n > 0 and (a,n) = 1. If 
a= b (mod n), then (b,n) = 1. 


If you raise a number to various powers, you will sometimes get the same 
values modulo n. 


4.4 Theorem. Let a and n be natural numbers. Then there exist natural 
numbers i and j, withi # j, such that a' =a/ (mod n). 


The next theorem repeats a theorem we saw before, but it is one of the 
most used theorems in the exploration of powers, so you should have its 
statement and proof at the tips of your fingers. 


4.5 Theorem. Let a, b, c, and n be integers withn > 0. If ac = be 
(mod n) and (c,n) = 1, thena = b (mod n). 


The next theorem tells us that if we take a natural number relatively 
prime to a modulus n, then some power of it will be congruent to 1 modulo 
n. One consequence of this theorem is that after a power gets to 1, the 
powers will just recycle. 


4.6 Theorem. Let a and n be natural numbers with (a,n) = 1. Then there 
exists a natural number k such that ak = 1 (mod n). 


4. Fermat’s Little Theorem and Euler’s Theorem 55 


The preceding theorem tells us that every natural number relatively prime 
to a modulus has an exponent naturally associated with it, namely, the 
smallest exponent that makes the power congruent to 1. That concept is so 
useful that we give it a name. 


Definition. Let a and n be natural numbers with (a,n) = 1. The smallest 
natural number k such that aX = 1 (mod n) is called the order of a modulo 
n and is denoted ord, (a). 


Fermat’s Little Theorem 


The culminating theorem of this section is Fermat’s Little Theorem. It 
gives us information about what power of a number will be congruent to 1 
modulo a prime. We will approach that theorem by first finding some sort 
of a bound on the size of the order of a natural number. Experimenting with 
some actual numbers is a good way to begin. 


4.7 Question. Choose some relatively prime natural numbers a and n and 
compute the order of a modulo n. Frame a conjecture concerning how 
large the order of a modulo n can be, depending on n. 


In doing your experiments of taking a number to powers, you might have 
noticed that until the power was congruent to 1 modulo n, the values modulo 
n never repeated. That observation is the content of the next theorem. 


4.8 Theorem. Let a and n be natural numbers with (a,n) = | and let 
k = ord,(a). Then the numbers a, a”, ..., a® are pairwise incongruent 


modulo n. 


Taking powers of a natural number beyond its order will never produce 
different numbers modulo n. 


4.9 Theorem. Let a and n be natural numbers with (a,n) = | and let 
k = ord, (a). For any natural number m, a™ is congruent modulo n to 
one of the numbers a', a”, ..., a*. 

The only powers of a natural number that give 1 modulo n are powers 
that are multiples of the order. 


4.10 Theorem. Let a and n be natural numbers with (a,n) = 1, let 
k = ord,(a), and let m be a natural number. Then a™ = 1 (mod n) if and 
only if k|m. 
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This next theorem may have been what you conjectured when you did 
your experiments about order in the first question of this section. It states 
that the order of a natural number, that is, the power that first gets you to 
1 modulo 1, is less than n. 


4.11 Theorem. Let a and n be natural numbers with (a,n) = 1. Then 
ord, (a) <n. 


The following question asks you to do some experiments that might lead 
you to make a conjecture about powers of numbers modulo primes. You 
will probably make the conjecture that we will see later is in fact a theorem, 
Fermat’s Little Theorem. 


4.12 Exercise. Compute a?~! (mod p) for various numbers a and primes 
p, and make a conjecture. 


The numbers 1,2,3,..., p form a complete residue system modulo p. 
The next theorem states that if p is a prime, then multiplying each of those 
numbers by a fixed number that is not divisible by p produces another 
complete residue system. You might want to take a small prime, like 5, 
and multiply each of the numbers 1,2,3,4,5 by some other number, for 
example, 6, and check that you produce a complete residue system. 


4.13 Theorem. Let p be a prime and let a be an integer not divisible 
by p; that is, (a, p) = 1. Then {a,2a,3a,..., pa} is a complete residue 
system modulo p. 


Multiplying all the natural numbers less than a prime p will give the 
same result modulo p as multiplying a fixed multiple of those numbers. 


4.14 Theorem. Let p be a prime and let a be an integer not divisible by 
p. Then 


a-2a-3a---:- (p-— la =1-2-3----- (p—1) (mod p). 


This theorem can be used to prove Fermat’s Little Theorem, which fol- 
lows. We state two versions of Fermat’s Little Theorem, but ask you to 
prove that the two versions are equivalent to one another. Both of them tell 
us important and applicable facts about powers of natural numbers modulo 
a prime. 


4.15 Theorem (Fermat’s Little Theorem, Version I). [f p is a prime and a 
is an integer relatively prime to p, then a®-) = 1 (mod p). 
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4.16 Theorem (Fermat’s Little Theorem, Version II). Jf p is a prime and 
a is any integer, then a? =a (mod p). 


4.17 Theorem. Zhe two versions of Fermat’s Little Theorem stated above 
are equivalent to one another, that is, each one can be deduced from the 
other. 


Fermat’s Little Theorem states that a natural number not divisible by p, 
raised to the (p — 1)-st power, is congruent to | modulo p. Recall that 
the order of a natural number is the smallest power that is congruent to 
1 modulo p. The next theorem states that the order of each such number 
must divide (p — 1). 


4.18 Theorem. Let p be a prime and a be an integer. If (a, p) = 1, then 
ord, (a) divides p — 1, that is, ordp(a)|p — 1. 


One of the impressive applications of Fermat’s Little Theorem is that it 
allows us to do computations involving modular arithmetic that would be 
impossible otherwise. Impress your friends by doing the following compu- 
tations in your head. 


4.19 Exercise. Compute each of the following without the aid of a calcu- 
lator or computer. 

1. 51237 (mod 13). 

2. 34443233 (mod 17). 

3. 12345° (mod 23). 


4.20 Exercise. Find the remainder upon division of 31415? by 31. 


Fermat’s Little Theorem tells us information about prime moduli, but 
how are we going to deal with moduli that are not prime? One strategy is 
to decompose a composite (non-prime) modulus into relatively prime parts. 
The following theorem shows that a natural number that is congruent to a 
fixed number modulo two different, relatively prime moduli is congruent to 
that same number modulo the product of the moduli. For example, if you 
have a natural number that is congruent to 12 modulo 15 and that same 
number is congruent to 12 modulo 8, that number is also congruent to 12 
modulo 120 (= 8- 15). 


4.21 Theorem. Let n and m be natural numbers that are relatively prime, 
and let a be an integer. If x = a (mod n) and x = a (mod m), then 
x =a (mod nm). 
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4.22 Exercise. Find the remainder when 4’ is divided by 91 (= 7- 13). 


When you see powers and a modulus, it is a good idea to think about the 
modulus as a product of primes and then see whether you can use Fermat’s 
Little Theorem to advantage. 


4.23 Exercise. Find the natural number k < 117 such that 2!17 = k 
(mod 117). (Notice that 117 is not prime.) 


An alternative route to Fermat’s Little Theorem 


Many theorems have several different proofs. One approach to proving 
Fermat’s Little Theorem is by induction using the Binomial Theorem. So 
the first step in this approach is to state and prove the Binomial Theorem. 


Definition. If n and m are natural numbers with m < n, then 


n\_ n! 
m} — m\(n—m)! 


We define 0! to equal 1. Thus, we can extend the definition to include 
m = 0. In that case, we have (5) = | for any natural number n. 


Note: You may recall that (/") is equal to the number of subsets of size 
m ina Set of size n. 


4.24 Theorem (Binomial Theorem). Let a and b be numbers and let n be 
a natural number. Then 


n 
(a+b)" = "yar 
x( 

The Binomial Theorem describes the coefficients of each term when you 
expand (a + b)”. When n is equal to a prime p, p will divide all those 
coefficients, except the end ones, of course. 


4.25 Lemma. /f p is prime and i is a natural number less than p, then p 
divides (?). 


Using this observation, you can prove Fermat’s Little Theorem, Version 
Il, by first observing that 0” is congruent to 0 modulo p, 1” is congruent to 
1 modulo p, then moving on to prove that 2” is congruent to 2 modulo p 
and then proving that 3” is congruent to 3 modulo p and so on. You might 
find the preceding lemma useful in executing this inductive procedure. 
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4.26 Theorem (Fermat’s Little Theorem, Version II). Jf p is a prime and 
a is an integer, then a? =a (mod p). 


Euler’s Theorem and Wilson’s Theorem 


Fermat’s Little Theorem suffers from the limitation that the modulus is 
prime. As usual, our strategy is to take an idea, in this case Fermat’s Little 
Theorem, and see how it can be extended to apply to a more general case. 
So we need to ask ourselves what aspects of Fermat’s Little Theorem can 
we hope to extend to a case where the modulus is not prime. If we start 
with a number that is not relatively prime to the modulus, then no power of 
it will ever be congruent to 1. So we focus our attention on those numbers 
that are relatively prime to the modulus. The first concept we introduce is 
the Euler ¢-function that simply counts how many of these relatively prime 
numbers there are. 


Definition. For a natural number n, the Euler ¢$-function, ¢(n), is equal 
to the number of natural numbers less than or equal to n that are relatively 
prime to n. (Note that (1) = 1.) 


Let’s just do a few examples to make sure that the definition is clear. 


4.27 Question. The numbers 1, 5, 7, and 11 are all the natural numbers 
less than or equal to 12 that are relatively prime to 12, so (12) = 4. 


1. What is (7)? 
2. What is @(15)? 
3. What is @(21)? 
4. What is 6(35)? 


It is always a good idea to revisit useful and important results and re- 
mind yourself of their proofs. We restate the following three theorems here 
because of their importance and usefulness in the upcoming work. 


4.28 Theorem. Let a, b, and n be integers such that (a,n) = 1 and 
(b,n) = 1. Then (ab,n) = 1. 


4.29 Theorem. Let a, b, and n be integers withn > 0. Ifa =b (mod n) 
and (a,n) = 1, then (b,n) = 1. 
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4.30 Theorem. Let a, b, c, and n be integers with n > 0. If ab = ac 
(mod n) and (a,n) = 1, then b =c (mod n). 


The following theorem begins by listing those numbers that are being 
counted when we find the Euler ¢-function of a number. It observes that 
multiplying each of those numbers by a common number that is relatively 
prime to the modulus cannot create congruent numbers. They start not con- 
gruent (because they are different numbers less than the modulus) and they 
end not congruent. 


4.31 Theorem. Let n be a natural number and let x1, X2, ..., Xn) be the 
distinct natural numbers less than or equal to n that are relatively prime 
to n. Let a be a non-zero integer relatively prime to n and let i and j 
be different natural numbers less than or equal to @(n). Then ax; # ax; 
(mod 7). 


The next theorem is Euler’s Theorem, which generalizes Fermat’s Little 
Theorem. Since Euler’s Theorem generalizes Fermat’s Little Theorem, the 
way to start thinking about its proof is to think about the proof of Fermat’s 
Little Theorem and see whether you can imitate the steps in this different 
setting. It is always a good idea to start with what you know and see how 
it can be modified to fit a new situation. 


4.32 Theorem (Euler’s Theorem). [fa and n are integers with n > 0 and 
(a,n) = I, then 
a?) =1 (mod n). 


4.33 Corollary (Fermat’s Little Theorem). Jf p is a prime and a is an 
integer relatively prime to p, then a?-) = 1 (mod p). 


As long as we can compute (7), Euler’s Theorem can be used just like 
Fermat’s Little Theorem for computing powers of numbers modulo n. 


4.34 Exercise. Compute each of the following without the aid of a calcu- 
lator or computer. 


1. 124° (mod 15). 
2. 13911? (mod 27). 


4.35 Exercise. Find the last digit in the base 10 representation of the 


integer 13474, 
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The next theorem tells us that every natural number less than a given 
prime can be multiplied by another natural number to yield 1 modulo the 
prime. This observation says that numbers have something that behaves like 
a multiplicative inverse in the “mod p” world. 


4.36 Theorem. Let p be a prime and let a be an integer such that | < 
a < p. Then there exists a unique natural number b less than p such that 
ab = 1 (mod p). 


Definition. Let p be a prime and let a and b be integers such that ab = 1 
(mod p). Then a and 5 are said to be inverses modulo p. 


4.37 Exercise. Let p be a prime. Show that the natural numbers | and 
p — | are their own inverses modulo p. 


The next theorem asserts that except for the special numbers 1 and p—1, 
the inverse of a number modulo p is different from itself. In other words, 
squaring a natural number less than p other than 1 or p — 1 will not give 
you a number congruent to 1 modulo the prime p. 


4.38 Theorem. Let p be a prime and let a and b be integers such that 
1 <a,b < p—1andab=1 (mod p). Thena # b. 


Let’s see how numbers pair up with their inverses in a specific case. 


4.39 Exercise. Find all pairs of numbers a and b in {2,3,..., 11} such 
that ab = 1 (mod 13). 


The preceding theorems and examples are giving us a perspective about 
numbers and their multiplicative inverses modulo a prime p. One conse- 
quence of this picture is that when we multiply all the numbers from 2 up 
to (p — 2), we get a number congruent to 1 modulo the prime p. 


4.40 Theorem. Jf p is a prime larger than 2, then 2-3-4----- (p-2)=1 
(mod p). 


We end the chapter with Wilson’s Theorem which is perhaps the most 
famous consequence of our understanding of numbers and their inverses 
modulo a prime p. 


4.41 Theorem (Wilson’s Theorem). Jf p is a prime, then (p — 1)! = -1 
(mod p). 
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The converse of Wilson’s Theorem is also true; that is, if the product of 
all the natural numbers less than n is congruent to —1 modulo n, then n 
must be prime. 


4.42 Theorem (Converse of Wilson’s Theorem). Jf is a natural number 
such that 


(n—1)!=-1 (mod n), 
then n is prime. 


Whenever we prove a good theorem, we can ask about extensions of it. 
After we proved Fermat’s Little Theorem that talked about prime moduli, 
we extended it to Euler’s Theorem that dealt with composite moduli. Can 
you make a conjecture that would extend Wilson’s Theorem to moduli that 
are not prime? 


4.43 Blank Paper Exercise. Chapter 4 is the culmination of all of your 
inquiries from the first three chapters. After not looking at the material for 
a day or two, take a blank piece of paper and outline the development of 
the first four chapters in as much detail as you can without referring to the 
text or to notes. Places where you get stuck or can’t remember highlight 
areas that may call for further study. 


Fermat, Wilson and ... Leibniz? 


Tracing the history of named results like those of this chapter can be trying. 
Shakespeare’s famous “What’s in a name?” aptly applies. In a letter to 
Frenicle de Bessy (1605-1675) dated 1640, Fermat stated what we now 
call Fermat’s Little Theorem. Characteristic of Fermat, the theorem was 
explained without proof stating “I would send you the demonstration, if I 
did not fear its being too long.” 

It is not until 1736 that we find the first published proof in the works of 
Euler. The argument is based on the Binomial Theorem, and could likely 
have been known to Fermat. The algebraic proof given in Theorems 4.13-— 
4.15 appeared in 1806, and is attributed to James Ivory (1765-1842). Euler, 
of course, went on to generalize Fermat’s Little Theorem and published a 
proof of Euler’s Theorem in 1760. 

Abu Ali al-Hasan ibn al-Haytham (approx. 965-1040) considered the 
following problem: Jo find a number such that if we divide by two, one 
remains; if we divide by three, one remains; if we divide by four, one 
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remains, if we divide by five, one remains; if we divide by six, one remains; 
if we divide by seven, there is no remainder. His method of solution gives, 
in this particular case, the number (7 — 1)! + 1, which clearly leaves a 
remainder of | upon division by 2, 3, 4, 5 and 6. But al-Haytham was also 
aware that this number was divisible by 7, which is an instance of Wilson’s 
theorem. 

Nearly 800 years later Edward Waring (1736-1798) first published the 
general statement of Wilson’s Theorem, attributing the result to his student 
John Wilson (1741-1793). No proof was given in Waring’s publication, and 
it is believed that neither Waring nor Wilson were aware of a proof. The 
first published proof, based on the binomial theorem, appeared in 1773 by 
Lagrange and also included a proof of the converse of Wilson’s Theorem. 

Enter Leibniz. In 1894 attention was called to a collection of unpublished 
manuscripts located in the Hanover Library attributed to Gottfried Wilhelm 
von Leibniz (1646-1716), most famous as one of the creators of Calculus 
as well as for his philosophical theory of monads. We usually do not think 
of Leibniz as a pioneer of number theory. However, among his works found 
in the Hanover Library are results believed to have been attained prior to 
1683 which include proofs of both Fermat’s Little Theorem and Wilson’s 
Theorem. These dates precede Euler’s first published proof of Fermat’s 
Little Theorem by 53 years and Lagrange’s first published proof of Wilson’s 
Theorem by 90 years. 


Set 
Public Key Cryptography 


Public Key Codes and RSA 
Public key codes 


Public key codes are codes in which the encoding method is public knowl- 
edge; i.e., anyone can encode messages. However, even though everybody 
knows how messages are encoded, only the receiver knows how to decode 
an encrypted message. For example, suppose I want to sell a product and 
I want customers to be able to send me their credit card numbers in a se- 
cure manner. I can “publish” a public encoding scheme. People use this 
scheme to encode their credit card numbers before sending them to me. For 
the scheme to be secure, I should be the only person who can decode the 
numbers. So even though everyone knows exactly how the numbers were 
encoded, only I can “undo” the encoding in order to decode the message. 

Such codes are called public key codes. The notion is counterintuitive. 
How can such a scheme work? The answer is based on the fact that cer- 
tain mathematical operations are easy to perform, but hard to undo. We 
will look at a specific public key encoding scheme called RSA encryption, 
first created by mathematicians Ronald Rivest, Adi Shamir, and Leonard 
Adleman. 


Overview of RSA 


Suppose we select two enormous prime numbers, each on the order of 200 
digits long, for example. Now we multiply them (computers are whizzes at 
multiplying natural numbers, even numbers with hundreds of digits). Now 
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we give our result to a friend and ask her to factor it. She goes off to have 
her computer help her out, and is never seen again. Factoring large numbers 
is hard, even for a computer. There are limits to the size of natural numbers 
that a computer can factor. Our product of two 200 digit primes is much 
too large for even the fastest computers to factor. 

So we can announce our enormous number to the world, but only we 
know its factors. At this point, you would be justified in saying, “So what? 
Who cares what the factors of a 400 digit number are anyway?” The answer 
is that you care. You care because the inability to factor such numbers is at 
the heart of public key encryption systems that are used millions of times a 
day to keep data that is sent over the internet secure. The challenge for this 
chapter is for you to discover how to make a public key code system by 
exploiting this example of a mathematical operation that is easy to perform 
(the multiplication of two large primes), but hard to undo (factor). We will 
see how the huge product is the public part of the RSA encryption scheme 
that will somehow allow anyone to encode messages while the decoding 
requires knowing its factorization, thus making the code unbreakable except 
by the person who knows the factors. Of course, at this point there is no 
apparent connection between factoring numbers and encoding messages. 
That is the content of this chapter. 

For convenience, let’s suppose the message we wish to encode is a num- 
ber. If our message contained words, we could do some sort of simple 
transformation turning letters into numbers. We will take our message num- 
ber and perform a mathematical operation on it to produce a new number. 
This new number is the encoded message. What operation will we per- 
form? We will raise our original number message to some power modulo 
some base. Recovering the original number message from the encoded mes- 
sage number will be practically impossible without some secret knowledge. 
With the secret knowledge, we simply raise the encoded number to another 
power to obtain the original message. The key to the whole process is the 
work we have already done, including the Euclidean Algorithm and Euler’s 
Theorem. 


Let’s decrypt 


Before getting to James Bond, let’s begin with some theorems about mod- 
ular arithmetic. This first theorem has a familiar conclusion reminiscent of 
Fermat’s Little Theorem and Euler’s Theorem, namely, that under certain 
conditions a number to a power is congruent to 1 modulo another number. 
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5.1 Theorem. Jf p and q are distinct prime numbers and W is a natural 
number with (W, pq) = 1, then W?-Y@-) = 1 (mod pq). 


You might think that the next theorem would require the hypothesis that 
(W, pq) = 1; however, it is true for all natural numbers W. One strategy for 
proving a theorem is first to prove the theorem with a stronger hypothesis 
and later deal with the other cases. Here, you might first prove the theorem 
assuming the extra hypothesis that (W, pq) = 1. After that success, you 
can analyze what would happen if p or g divides W. 


5.2 Theorem. Let p and q be distinct primes, k be a natural number, and 
W be a natural number less than pq. Then 


Witk-1)G-D = w (mod pq). 


Notice how this next theorem has a conclusion that looks similar to 
theorems from Chapter | about linear Diophantine equations. As usual, 
an excellent strategy in mathematics is to remember previous theorems or 
insights that seem to be related to the current question. 


5.3 Theorem. Let p and q be distinct primes and E be a natural number 
relatively prime to (p —1)(q —1). Then there exist natural numbers D and 
y such that 

ED =1+y(p—Iq-D). 


5.4 Theorem. Let p and q be distinct primes, W be a natural number 
less than pq, and E, D, and y be natural numbers such that ED = 
1+ y(p —1)(q - 1). Then 


w®?=W (mod pq). 


Notice that the conclusion of the preceding theorem is that raising W to 
a certain power, the ED power, and reducing modulo pq just gives us W 
back again. Remember that W£? = (W)?. 

We now have all the pieces used to make up the RSA Public Key Coding 
System. The next exercise asks you to put the pieces together. 


5.5 Exercise. Consider two distinct primes p and q. Describe every step 
of the RSA Public Key Coding System. State what numbers you choose 
to make public, what messages can be encoded, how messages should be 
encoded, and how messages are decoded. What number should be called 
the encoding exponent and what number should be called the decoding 
exponent? 
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The next exercise asks you to develop an RSA Public Key Coding System 
using an actual pair of primes. These primes might be slightly too small 
for any real value in applications, but the goal of the exercise is for you 
to understand every step of how the RSA system works and see it actually 
work with numbers. Again, state what numbers you choose to make public, 
what messages can be encoded, how messages should be encoded, and how 
messages are decoded. It is neat to see all these steps and to see that you 
can encode and decode actual numbers. 


5.6 Exercise. Describe an RSA Public Key Code System based on the 
primes 11 and 17. Encode and decode several messages. 


Of course, the fun of being a spy is to break codes. So get on your trench 
coat, pull out your magnifying glass, and begin to spy. The next exercise 
asks you to break an RSA code and save the world. 


5.7 Exercise. You are a secret agent. An evil spy with shallow number 
theory skills uses the RSA Public Key Coding System in which the public 
modulus is n = 1537, and the encoding exponent is E = 47. You intercept 
one of the encoded secret messages being sent to the evil spy, namely the 
number 570. Using your superior number theory skills, decode this mes- 
sage, thereby saving countless people from the fiendish plot of the evil spy. 


The next exercise asks you to explain in general how you can break RSA 
codes if you are able to factor n. 


5.8 Exercise. Suppose an RSA Public Key Coding System publishes n 
(which is equal to the product of two undisclosed primes p and q) and E, 
with E relatively prime to (p — 1)(q — 1). Suppose someone wants to send 
a secret message and so encodes the message number W (less than n) by 
finding the number m less than n such that m = W® (mod n). Suppose 
you intercept this number m and you are able to factor n. How can you 
figure out the original message W? 


Notice that the two previous exercises tell us that the RSA Public Key 
Coding System would be useless if it were possible to factor pq. Factoring 
sounds like a simple process; however, when p and q are primes containing 
several hundred digits each, no person nor computer in the world knows how 
to factor pq. It is interesting that such a simple process as factoring lies at 
the heart of secret codes on which billions of dollars of secure transactions 
rely. 
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5.9 Applications Exercise. You have seen the application of number theory 
to RSA cryptography. Find out all you can about the role of number theory 
in some other types of “codes” such as bar codes, ISBN codes, and credit 
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card number “codes. 


Hard Problems 


The RSA encryption system actually has two keys. One is made public (the 
encoding key £), and the other is kept private (the decoding key D). Such 
a system is said to use an asymmetrical key, as opposed to a symmetrical 
key where the same key is used to both encrypt and decrypt. The asymmet- 
rical public key allows anyone to encode messages, but only the receiver 
can decode. In practice, the RSA system is inefficient for encoding and de- 
coding large amounts of data. Encryption methods such as AES (Advanced 
Encryption Standard) are much more efficient, but require a symmetric key 
to be shared by the sender and receiver. Sharing such a key poses many 
potential problems. So we have 


e AES: efficient, but requires a shared key, 
e RSA: inefficient, but uses a public key. 


In practice, the two methods are often combined to take advantage of their 
positive qualities (the efficiency of AES and the public key of RSA). 

If Alice wishes to send a message M to Bob, she encrypts M using a 
randomly chosen AES key. Then, using Bob’s public RSA encoding key, she 
encrypts her AES key. Alice then sends Bob two items: her AES encoded 
message and her RSA encrypted AES key. Bob can easily decrypt the AES 
key (using his private RSA decryption key), then use the decrypted AES key 
to decrypt the AES encoded message. So in this regard, RSA is primarily 
used as a method of key exchange. 

The security of the RSA encryption system relies on the fact that factoring 
is hard. How hard? According to the RSA Laboratories website, it was 
reported in November of 2005 that a 193 digit integer was factored after 30 
2.2GHz-Opteron-CPU years of work (which occurred over about 5 months 
of calendar time). We’re not exactly sure what that statement means, but 
it sure makes factoring sound hard. But factoring is not the only hard 
mathematical problem used for public key exchange. 

Some of the earliest work on public key exchange methods occurred in 
the mid-1970s at Stanford University. Graduate student Whitfield Diffie and 
his advisor Martin Hellman developed a public key exchange system based 
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on the hard mathematical problem of computing “logarithms modulo p.” It 
works as follows. Suppose Alice and Bob wish to share a secret key (which 
will simply be a number). Two quantities are made public: a prime number 
p, and an integer g < p which has the property that {0, g, g7,...,g?-1} 
form a complete residue system modulo p. Such a g is called a primitive 
root modulo p, and is explored further in the next chapter. 

Next, Alice and Bob each choose a private value, say a and b. These num- 
bers are not made public. Alice then makes public her value g* (mod p), 
and Bob makes public his value g? (mod p). Finally, Alice and Bob can 
now compute their shared secret key: Alice takes Bob’s public value and 
computes (g?)* (mod p), and Bob takes Alice’s public value and computes 
(g7)? (mod p). Since 


(g?)? = gh" = 3% = (g*)’ (mod p), 


they have a shared key (which, for example, could then be used for a 
symmetrical key system like AES). How secret is it? Essentially, the only 
way to figure out the shared key is to obtain the secret values a and b. So 
the problem becomes: given the public values g and g* (mod p), determine 
the secret value a. This is called the discrete logarithm problem modulo p, 
and it is believed to be just as difficult as the factoring problem associated 
with RSA. 

The group of integers modulo 7 are not the only source of mathematics 
making its way into public key cryptography. In the mid-1980s Victor Miller 
and Neal Koblitz independently proposed using mathematical objects called 
elliptic curves to generate public key codes. An elliptic curve is a plane 
cubic curve. For example, an elliptic curve might be given by an equation 
of the form 

y2=xe+bx+e, 


where b and c are chosen from an appropriate set of numbers. What is 
special about these curves is that they come with an arithmetic as well. 
That is, there is a natural way to “add” two points on the curve and obtain 
a third point. 

As with Diffie-Hellman, certain objects are made public: the elliptic 
curve, a prime number p, and a “point” P on the elliptic curve. The prime 
P specifies where the coefficients b and c in the equation of our curve are 
coming from. Namely, they come from the set of integers modulo p, i.e., 
the set {0,1,2,..., p—1}. The point P is then an ordered pair P = (x, y) 
where x and y are integers modulo p that satisfy the curve’s equation 
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modulo p; that is, x and y satisfy 


y?=x34+bx+c (mod p). 
For example, consider the following curve with coefficients coming from 
the set of integers modulo 23 (so p = 23): y? = x* +x. It is a good 
exercise to check that P = (17, 13) is in fact a “point” on the curve (there 
are actually 23 “points” on this curve modulo 23). 

Alice uses her secret value a to compute a public “point” 


aP=P+P+.-.-4P, 
———— 


a terms 


and Bob makes public bP. They can then compute their shared secret key 
a(bP) = (ab)P = (ba)P = b(aP). 


For a third party to discover their secret key, the values a and b must be 
found. So the problem becomes: given the public quantities P and aP, find 
a. This is the discrete logarithm problem for elliptic curves modulo p, and 
is currently considered a harder problem than the discrete logarithm problem 
for the integers modulo p that provides the security for Diffie-Hellman. 

These public key coding systems use abstract results in number theory 
to do the very practical work of sending messages over the internet. When 
mathematicians were working on the underlying number theory, they had 
no notion that their work would have any practical applications. Fermat 
and Euler, whose theorems are crucial to the public key coding messages 
we developed in this chapter, lived hundreds of years ago. They found the 
number theory results beautiful and interesting. Often mathematics has been 
developed without applications in mind and then later those insights are 
discovered to be crucial to some very important practical issue. Public key 
cryptography is a prime example of how important it is for human beings 
to continue to explore ideas in mathematics and science with the only goal 
being to seek and develop the beauty of ideas. Practical applications will 
inevitably follow. 


Lt 
Polynomial Congruences and 
Primitive Roots 


Higher Order Congruences 


The RSA coding system embodies a beautiful application of Euler’s Theo- 
rem. A key step in the decoding process was our ability to solve the congru- 
ence x = m (mod pq), where E was the encoding exponent and m was 
the encoded word. This may have been our first example of a polynomial 
congruence of degree greater than | (recall we covered linear congruences 
back in Chapter 3). In this chapter and the next we continue the study of 
solutions to polynomial congruences of higher degree, encountering some 
fascinating new mathematics along the way. 


Lagrange’s Theorem 


One of the most basic theorems about polynomials is the Fundamental 
Theorem of Algebra. Among other things, it tells us that an nth degree 
polynomial 

f(x) = aux" + dn1x"! +++ + ao 
has no more than n roots. We will not attempt to give a proof here of 
the Fundamental Theorem of Algebra. Rather, we will derive a “mod p” 
version of it due to Lagrange. 


Definition. Recall that r is a root of the polynomial f(x) = dx” + 
Gn—\x"! +-++4+ ag if and only if f(r) = 0. 


This first theorem does not have any modular arithmetic in it. Do you 
remember how to do long division with polynomials? 
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6.1 Theorem. Let dyx” + dyn—1x"~! +-+++ do be a polynomial of degree 
n > 0 with integer coefficients and assume an # 0. Then an integer r is a 
root of f(x) if and only if there exists a polynomial g(x) of degree n — 1 
with integer coefficients such that f(x) = (x —1r)g(x). 


This next theorem is very similar to the one above, but in this case 
(x —r)g(x) is not quite equal to f(x), but is the same except for the 
constant term of f(x) and the constant term of (x —1r)g(x). Those constant 
terms are not the same, but are congruent using an appropriate modulus. 


6.2 Theorem. Let f(x) = dnx” +dy—1x""! +++++ag be a polynomial of 
degree n > 0 with integer coefficients and ayn # 0. Let p be a prime number 
and r an integer. Then, if f(r) = 0 (mod p), there exists a polynomial 
g(x) of degree n —1 such that 


(x —r)g(x) = anx” + an—1x"! +++» + a1x + bo 
where dy = bo (mod p). 


The final theorem of this section is a generalization of the Fundamental 
Theorem of Algebra in the setting of polynomials modulo a prime. 


6.3 Theorem (Lagrange’s Theorem). /f p is a prime and f(x) = a,x" + 
dn—1x"—! +-++++ ag is a polynomial with integer coefficients and an # 0, 
then f(x) = 0 (mod p) has at most n non-congruent solutions modulo p. 


Primitive roots 


Fermat’s Little Theorem tells us that if we raise a natural number a less 
than a prime p to the p — | power, the result is congruent to 1 modulo 
p. However, for some natural numbers a, raising a to lower powers may 
also result in a number congruent to 1 modulo p. In this section, you will 
explore the orders of elements in more detail. Let’s begin by proving that 
the order of a is the same as the order of a! if i is relatively prime to the 
order. 


6.4 Theorem. Suppose p is a prime and ordp(a) = d. Then for each 
natural number i with (i,d) = 1, ord, (a') = d. 


The preceding theorem gives us a whole collection of numbers that have 
the same order modulo p. The next theorem, by contrast, puts a limit on 
how many incongruent natural numbers can have the same order modulo 
p. You might notice that a natural number & of order d modulo a prime 
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p is a solution of the congruence x? = 1 (mod p). Recall that we earlier 
proved some theorems concerning the number of incongruent solutions that 
an equation of degree d could have modulo p. 


6.5 Theorem. For a prime p and natural number d, at most }(d) incon- 
gruent integers modulo p have order d modulo p. 


Of course, there are many natural numbers d in the above theorem for 
which there are no numbers with that order modulo p. Recall that the order 
of any integer modulo p is less than p. In fact, recall the theorem that if 
p is a prime and k is a natural number less than p, then ordy(k)|(p — 1). 
It is always a good idea to review the proof or the main steps of the proof 
when you recall a theorem. In this case, you may remember something like 
the following key ideas. By definition of order, k°™?“) = 1 (mod p) and 
no lower power of k is congruent to 1 modulo p. Therefore, k7°%?) = | 
(mod p) and k3°4?) = 1 (mod p) and ...k/ 42) = 1 (mod p) and 
no intermediate powers are congruent to 1 modulo p. Since k?~! = 1 
(mod p), then some multiple of ord,(k) must equal p — 1. 

If you get in the habit of remembering sketches of proofs like the above 
every time you recall a theorem, then soon the proofs and the theorems will 
become much more real and immediate to you. 

Returning now to the orders of elements modulo a prime p, we know that 
the order of every integer divides p — 1. An integer whose order is as large 
as possible, namely p — 1, has special significance, because, as you will 
soon prove, its powers give every non-zero member of a complete residue 
system modulo p. We first give such numbers a name and then prove that 
theorem. 


Definition. Let p be a prime. An integer g such that ordy(g) = p— 1 is 
called a primitive root modulo p. 


6.6 Theorem. Let p be a prime and suppose g is a primitive root modulo 
p. Then the set {0, g,g7, 23,...,g? +} forms a complete residue system 
modulo p. 


As usual, ideas become more meaningful if you look at actual numerical 
examples. 


6.7 Exercise. For each of the primes p less than 20 find a primitive root 
and make a chart showing what powers of the primitive root give each of 
the natural numbers less than p. 
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Your exploration of the first few primes might suggest to you that every 
prime has at least one primitive root. In fact, that is true. We state that 
theorem here, and you may be able to think of a proof of it now; however, 
there are some preliminary theorems about the Euler ¢-function that will 
help us to prove the existence of primitive roots. We will investigate those 
theorems in the next section and then return to this theorem about primitive 
roots. 


6.8 Theorem. Every prime p has a primitive root. 


One approach to proving the existence of primitive roots for a prime p 
is to put together a few of the ideas we already know. You proved that for 
any divisor d of p — 1, at most @(d) incongruent numbers have order d 
modulo p. We know that every natural number k less than p has an order 
d that divides p— 1. So we could list the divisors d of p—1 and for each 
such d we notice that at most #(d) of the numbers 1,2,3,..., p — 1 have 
order d and systematically cross the order d numbers off the list. Let’s try 
this strategy with the prime p = 13. 


6.9 Exercise. Consider the prime p = 13. For each divisor d = 1,2,3, 
4,6,12 of 12 = p—1, mark which of the natural numbers in the set 
{1, 2,3, 4,5, 6, 7, 8, 9, 10, 11, 12} have order d. 


Notice in the above exercise that there are ¢(d) numbers of order d for 
each d. Of course, each number from 1 to 12 has some order. So in the 
case of 12, 


P(1) + $2) + $3) + G(4) + O(6) + O12) = 12. 


A more compact way of writing the above sum is to use summation notation. 


We will write 

>> (4) 

d\n 
for the sum of the Euler ¢-function of the natural number divisors of the 
natural number n. So, for example, the previous observation can be written 


Y> o(d) = 12. 
d\12 


This example is suggestive of a more general relationship between the Euler 
o-function and the divisors of a natural number, which we will explore in 
the next section. 
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Euler’s ¢-function and sums of divisors 


For the moment, let’s not think about primes and primitive roots and instead 
just look at any natural numbers. The first exercise below asks you to look 
at all the natural number divisors of a natural number, take the Euler ¢- 
function of each divisor, add up those values and look for a pattern. 


6.10 Exercise. Compute each of the following sums. 


1S) 9¢@) 


d|6 


Make a sweeping conjecture about the sum of $(d) taken over all the 
natural number divisors of any natural number n. 


Your sweeping conjecture is probably true. To be sure, check Theo- 
rem 6.15 below. Since every natural number larger than 1 is the product 
of primes, we adopt the strategy of seeing how to prove the conjecture for 
primes and then seeing how to compute it for products of primes. In the 
case of primes, there are not many divisors to consider, so that simplifies 
the situation. 


6.11 Lemma. /f p is a prime, then 
> o(d) = p. 
d|p 
You can list all the divisors of powers of primes very specifically. So that 


is the next case to tackle. 


6.12 Lemma. /f p is a prime, then 
> od) = p*. 


d| pk 
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To build up our understanding, the easiest case that involves more than 
one prime would be a natural number that is the product of exactly two 
primes. So that is the next case that we ask you to prove. 


6.13 Lemma. /f p and q are two different primes, then 
Y> od) = pa. 
d\pq 


The proof of the preceding lemma has allowed you to develop the insights 
that enable you to deal with the product of any two relatively prime natural 
numbers, which is what you will do next. 


6.14 Lemma. /fn and m are relatively prime natural numbers, then 


bx oid)) , (> o(d)) = 4). 


d|m d\n d|mn 


All the preceding lemmas allow you to finally prove your conjecture that 


the sum 
>> 4d) 


d\n 


will just equal the natural number that you started with. 


6.15 Theorem. /f 7 is a natural number, then 


> o(d) =n. 


d\n 


After thinking about an idea for a few hundred years, it is sometimes 
possible to see the same result from a different point of view. The approach 
above is a clear strategy of doing simpler cases first and putting them 
together to get the result. But in this case, there is a slick alternative proof 
to the above theorem, which we thought you might enjoy. So please verify 
the steps of the following different approach to the same theorem. 


6.16 Exercise. For a natural number n consider the fractions 


pees ; 


n n 


1 
nn’ 
all written in reduced form. For example, with n = 10 we would have 


113213 749 1 
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Try to find a natural one-to-one correspondence between the reduced frac- 
tions and the numbers $(d) for d|n. Show how that observation provides 
a very clever proof to the preceding theorem. 


Having established the theorem that 


> ¢@) =n, 


d\n 


we can now prove that every prime p has a primitive root. In fact, we can 
prove that it has #(p — 1) primitive roots. 


6.17 Theorem. Every prime p has $(p — 1) primitive roots. 


Euler’s ¢-function is multiplicative 


Although we defined the Euler ¢-function, saw how to use it to prove a 
generalization of Fermat’s Little Theorem, and saw how it was used in 
the discussion of primitive roots, we do not yet know how to compute the 
value of the Euler ¢-function for an arbitrary natural number n. Since every 
natural number larger than 1 is the product of primes, we adopt the strategy 
of seeing how to compute the Euler ¢-function for primes and then we see 
how to compute it for products of primes. We’ll first ask you to make and 
prove a conjecture about the value of the Euler ¢-function of a prime. 


6.18 Exercise. Make a conjecture about the value $(p) for a prime p. 
Prove your conjecture. 


The next simpler kind of natural number is a product of primes where 
just one prime is involved, in other words, a power of a prime. Once again, 
we ask you to make a conjecture and prove it about the value of the Euler 
¢-function for powers of primes. If you get stuck, try just writing out the 
natural numbers 1,2,3,4,..., p* for some primes p and small powers k 
and just circle those numbers on the list that are relatively prime to p*. By 
looking at examples and looking for patterns, you can make and prove your 
conjecture for a formula that tells us 6(p*). 


6.19 Exercise. Make a conjecture about the value ¢(p*) for a prime p 
and natural numbers k. Prove your conjecture. 


Our goal is to be able to compute the Euler ¢-function for any natural 
number n. To do so, we first observe that the Euler ¢-function counts 
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relatively prime members of any complete residue system. That is, the Euler 
o-function ¢(n) counts the number of numbers in the set {1,2,3,...,m} 
that are relatively prime to n, but it also counts the number of numbers in 
any complete residue system modulo n that are relatively prime to n. 


6.20 Theorem. /f7n is a natural number and A is a complete residue system 
modulo n, then the number of numbers in A that are relatively prime to n 
is equal to $(n). 


We can construct a complete residue system for a natural number 1 by 
taking an arithmetic progression of numbers where the steps are relatively 
prime to n. 


6.21 Theorem. Jf n is a natural number, k is an integer, and m is an 
integer relatively prime to n, then the set of n integers 


{k,k +m,k +2m,k + 3m,...,k + (n— 1)m} 
is a complete residue system modulo n. 


The previous two theorems can be used to prove the next theorem which 
states that the Euler ¢-function of a product of relatively prime numbers 
is equal to the product of the Euler ¢-functions of each. You might gain 
some insight by taking a few examples of relatively prime natural numbers 
m and n. 


6.22 Exercise. Consider the relatively prime natural numbers 9 and 4. 
Write down all the natural numbers less than or equal to 36 = 9-4 ina 
rectangular array that is 9 wide and 4 high. Then circle those numbers in 
that array that are relatively prime to 36. Try some other examples using 
relatively prime natural numbers. 


Now, using the insights you have gained from the examples, prove the 
following theorem. 


6.23 Theorem. Jf n and m are relatively prime natural numbers, then 


o(mn) = b(m)o(n). 


Definition. A function f of natural numbers is multiplicative if and only 
if for any pair of relatively prime natural numbers m and n, f(mn) = 


fim) f(n). 
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The previous theorem could be restated by saying that the Euler @¢- 
function is multiplicative. There are many other useful and interesting mul- 
tiplicative functions in number theory, none of which will appear in this 
book. 

We can now compute the Euler ¢-function of any natural number by 
taking its unique prime factorization. 


6.24 Exercise. Compute each of the following. 
I. (3) 

2. 6(5) 

3. o(15) 

4. o(45) 

5. $(98) 

mec hag leas haa 

We can now be more specific about what powers of numbers will be 


congruent to 1 modulo n. 


6.25 Question. Zo what power would you raise 15 to be certain that you 
would get an answer that is congruent to 1 modulo 98? Why? 


We can now compute the number of primitive roots of a prime. 


6.26 Question. How many primitive roots does the prime 251 have? 


Roots modulo a number 


In Chapter 4 we investigated the process of repeated multiplication of num- 
bers modulo another number, that is, taking powers of numbers and reducing 
those powers modulo n. Finding a number that when multiplied by itself k 
times results in the number b modulo n translates into solving the congru- 
ence 

x* =b (mod n). 


A solution could be called a kth root of b modulo n. Our work on orders 
of elements and primitive roots sheds some light on the nature of the set 
of solutions when n is a prime and b = 1. Finding general solutions to 
congruences of this form is a difficult task to accomplish, but for certain 
choices of k, b, and n success is within our grasp. 
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Our goal is to develop a technique using Euler’s Theorem for finding 
solutions to congruences of the form x* = b (mod n), that is, finding kth 
roots of b modulo a number n. You have already seen instances of this 
technique in Chapter 5. Let’s begin by experimenting with actual numbers. 


6.27 Exercise. Try, using paper and pencil, to solve several congruences 
of the form x* = b (mod 5) and x* = b (mod 6). 


We hope you observed that depending on the choice of k, b, and n in the 
previous exercise the congruence may have no solutions, one solution, or 
more than one solution. (If you did not observe this go try more examples!) 
In the next exercise you are asked to make an observation (one that you 
may very well have made already) that will get us on track for developing 
a more systematic strategy for finding kth roots modulo n. 


6.28 Exercise. Compute a? (mod 5) for several choices of a. Can you 
explain what happens? Now compute a!” (mod 15) for several choices of 
a. Does your previous explanation apply here too? 


The following theorem should capture your explanations from the last 
exercise. It is a straightforward and hopefully enlightening consequence of 
Euler’s Theorem. 


6.29 Theorem. /f a is an integer and v and n are natural numbers such 
that (a,n) = 1, then a®®™+! = aq (mod n). 


Now let’s apply these observations to solve actual congruences. 


6.30 Question. Consider the congruence x> = 2 (mod 7). Can you think 
of an appropriate operation we can apply to both sides of the congruence 
that would allow us to “solve” for x? If so, is the value obtained for x a 
solution to the original congruence? 


6.31 Question. Consider the congruence x* =7 (mod 10). Can you think 
of an appropriate operation we can apply to both sides of the congruence 
that would allow us to “solve” for x? If so, is the value obtained for x a 
solution to the original congruence? 


We hope you discovered that raising both sides of our congruence to 
an appropriately chosen exponent seems to always yield a solution. The 
following theorem, which generalizes Theorem 5.3, asserts that such an 
exponent is always available. 
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6.32 Theorem. /f k and n are natural numbers with (k,@(n)) = 1, then 
there exist positive integers u and v satisfying ku = o(n)v + 1. 


The previous theorem not only asserts that an appropriate exponent is 
always available, but it also tells us how to find it. The numbers u and v 
are solutions to a linear Diophantine equation just like those we studied in 
Chapter 1. 


6.33 Exercise. Use your observations so far to find solutions to the follow- 
ing congruences. Be sure to check that your answers are indeed solutions. 


I. x’ =4 (mod 11) 


2. x> 


11 (mod 18) 
3. x’? =2 (mod 8) 


You have probably devised a method for finding a solution to a congru- 
ence of the form x* = b (mod n), but the third congruence in the above 
exercise shows that this method does not always work. 


6.34 Question. What hypotheses on k, b, and n do you think are necessary 
for your method to produce a solution to the congruence x* = b (mod n)? 
Make a conjecture and prove it. 


6.35 Theorem. /f b is an integer and k and n are natural numbers such 
that (k,@(n)) = 1 and (b,n) = 1, then x* = b (mod n) has a unique 
solution modulo n. Moreover, that solution is given by 


x =b”" (mod n), 
where u and v are positive integers such that ku = $(n)v + 1. 


Our experiments at the beginning of the section showed that a number 
can have multiple roots modulo another number. But the previous theorem 
asserts that under the given hypotheses, our method not only finds a kth 
root modulo n, but in fact finds the only kth root. 


6.36 Exercise. Find the 49th root of 100 modulo 151. 


The following two theorems assert that for square-free numbers n, that 
is, numbers that are products of distinct primes, the hypothesis (b,n) = 1 
from Theorem 6.35 can be dropped. The first theorem is a generalization 
of Theorem 5.2. 
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6.37 Theorem. /fa is an integer, v is a natural number, and n is a product 
of distinct primes, then a®®@™+! = a (mod n). 


6.38 Theorem. Jfn is a natural number that is a product of distinct primes, 
and k is a natural number such that (k,o(n)) = 1, then x* =b (mod n) 
has a unique solution modulo n for any integer b. Moreover, that solution 
is given by 

x =b”" (mod n), 


where u and v are positive integers such that ku — o(n)v = 1. 
6.39 Exercise. Find the 37th root of 100 modulo 210. 


General solutions to the congruence x* = b (mod n) when (k, $(n)) > 
1 are much harder to come by. In Chapter 7 we will consider in depth 
the special case of k = 2 and n a prime. Using our work on primitive 
roots modulo a prime we can prove the following final result which tells us 
something about the number of roots a number can have modulo a prime. 


6.40 Theorem. Let p be a prime, b an integer, and k a natural number. 
Then the number of kth roots of b modulo p is either 0 or (k, p — 1). 


6.41 Blank Paper Exercise. After not looking at the material in this chap- 
ter for a day or two, take a blank piece of paper and outline the development 
of that material in as much detail as you can without referring to the text 
or to notes. Places where you get stuck or can’t remember highlight areas 
that may call for further study. 


Sophie Germain is Germane, Part | 


We hope your work so far has convinced you of the usefulness of primitive 
roots modulo a prime p. The powers of a primitive root produce a complete 
residue system that is often as useful as the canonical system. From a 
practical point of view, finding a primitive root is a necessary ingredient in 
the Diffie-Hellman public key exchange described in the last chapter. But 
although their existence is guaranteed, finding a primitive root modulo p is 
not completely straightforward. 

We know that a prime p has ¢(p — 1) primitive roots, which can be a 
large proportion of the numbers modulo p. For example, the prime 65,537 
has 37,768 primitive roots (although the preceeding prime 65,521 has only 
13,824 primitive roots). So trial and error is likely to produce a primitive 
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root without much trouble. But trial and error is an irksome procedure to 
many mathematicians. For them we offer the following theorem. 


Theorem (A Primitive Root Test). Let p be a prime. Then a is a primitive 
root modulo p if and only if for all factors f of p —1, 


p-l 


af #1 (mod p). 


This test just asserts that if ord, (a) is not a proper divisor of p—1, then a 
is a primitive root. But this is hardly a new insight. In addition, performing 
this test requires factoring p — 1, which is one of our “hard problems.” 

Unfortunately we do not have a recipe for conjuring up a primitive root 
for an arbitrary prime. The mathematician Emil Artin (1898-1962) made a 
conjecture regarding primitive roots that would imply the following. 


Conjecture (Artin’s Conjecture). Every integer which is neither —1 nor a 
perfect square is a primitive root for infinitely many primes. 


The conjecture is still unproven. In fact, there is not a single integer 
satisfying the hypotheses of Artin’s Conjecture for which we know the 
conjecture to be true, although such a statement is not meant to imply that 
no progress has been made. For example, we know that it suffices to show 
that the conjecture is true for just the primes; that is, it suffices to show 
that every prime is a primitive root for infinitely many other primes. 

Strangely, although we cannot cite a single example for which Artin’s 
Conjecture is true, we know that there are no more than two exceptions. 
But we have no idea what those exceptions might be. So for example, it 
is known that at least one of the primes 3, 5, or 7 is a primitive root for 
infinitely many primes, but we can’t say for sure that 3 is or that 5 is or that 
7 is! It’s also known that at least one of the primes 67867979, 256203221, 
or 2899999517 is a primitive root for infinitely many primes. If you are a 
betting person, we suggest you bet a dollar that 2899999517 is a primitive 
root for infinitely many primes. If you are ever proved wrong, we’ll buy 
you a fancy dinner at the restaurant of your choice and a car. 

Sometimes, focusing on primes of a special form can lead to interest- 
ing progress. Sophie Germain (1776-1831) was a French mathematician 
who made wonderful contributions to number theory. For cultural reasons 
of the period, she communicated much of her early work under the male 
pseudonym “Monsieur Le Blanc.” Under this pseudonym, she submitted 
one of her early manuscripts to Lagrange. Aware of the mathematical talent 
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required to produce such work, Lagrange discovered her true identity and 
became a mathematical mentor to Germain. 

Sophie Germain is credited with making one of history’s great advances 
towards a proof of Fermat’s Last Theorem. Fermat’s Last Theorem is the 
statement that there are no natural number solutions to the Diophantine 
equation 

x? + yf = 74 


when q is a natural number greater than 2. Sophie Germain studied the 
famous Fermat equation x? + y? = z% for primes q with the property that 
Pp = 2q-+ 1 is also prime. Such primes are now known as Sophie Germain 
primes. 

The orders of elements modulo a prime p = 2q + 1, where g is also 
prime, are very restricted. In fact, since the order of any element must divide 
p—1 = 24, we see that the only possible orders are 1, 2, g, and 2qg. There 
is only one element of order 1 (namely 1 itself), and only one element of 
order 2 (namely p — 1). And so the remaining elements split into those of 
order q and those of order 2, the latter being our primitive roots. In a 1909 
paper titled Methods to Determine the Primitive Root of a Number, G. A. 
Miller showed there is at least one element we can always count on to be 
in this latter group. 


Theorem (Miller’s Theorem). Let p be an odd prime of the form p = 
2q + 1 where q is an odd prime. Then the complete set of primitive roots 
modulo p are —(2)*, —(3)*,...,—(q)?. In particular, —4 is a primitive root 
of every prime of this form. 


So why didn’t Miller find the first example of an integer for which Artin’s 
Conjecture holds? Alas, unfortunately, it is still unknown whether or not 
there are infinitely many Sophie Germain primes. 

In the next chapter we introduce the Law of Quadratic Reciprocity, which 
will then allow you to prove Miller’s theorem above and describe a satisfy- 
ing symmetry among primitive roots and perfect squares modulo p in the 
world of Sophie Germain primes p. 


SS 
The Golden Rule: 
Quadratic Reciprocity 


Quadratic Congruences 


We previously analyzed the solutions to all linear Diophantine equations 
modulo a number n, that is, we investigated congruences ax = b (mod 7). 
We proved that we can find at least one number x that satisfies that con- 
gruence if and only if (a,n)|b. Now we investigate quadratics modulo n, 
that is, congruences that involve an unknown that is squared. As always, 
our exploration of this question begins with the easiest case we can think 
of, namely where the modulus is a prime and the quadratic expression is 
just to square x. In other words, we want to understand the congruence 


x? =a (mod p), 
where a is an integer and p is a prime. We seek to answer the question, 
“Which numbers are perfect squares modulo p and which are not?” 
This exploration of perfect squares modulo a prime p has fascinating 
insights that attracted the attention of some of the greatest mathematicians 
of all time. 


Quadratic residues 


Our first two theorems assert that our simplest quadratic congruences actu- 
ally encompass all cases. That is, any quadratic congruence modulo a prime 
can be replaced with a much simpler congruence. 


7.1 Theorem. Let p be a prime and let a, b, and c be integers with a 
not divisible by p. Then there are integers b’ and c’ such that the set of 
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solutions to the congruence ax* + bx +c =0 (mod p) is equal to the set 
of solutions to a congruence of the form x? + b'x +c’ =0 (mod p). 


7.2 Theorem. Let p be a prime, and let b and c be integers. Then there 
exists a linear change of variable, y = x + a with a an integer, trans- 
forming the congruence x? + bx + c = 0 (mod p) into a congruence of 
the form y? = B (mod p) for some integer B. 


Our goal is to understand which integers are perfect squares of other inte- 
gers modulo a prime p. The first theorem below tells us that half the natural 
numbers less than an odd prime p are perfect squares and half are not. To 
prove that theorem and some of the others in the chapter, keep the idea of a 
primitive root in mind. Remember that every prime p has a primitive root 
g and the set {0, g!, g?, g?,...,g-)} forms a complete residue system 
modulo p. This picture of the numbers modulo p is frequently valuable. 


7.3 Theorem. Let p be an odd prime. Then half the numbers not congruent 
to 0 in any complete residue system modulo p are perfect squares modulo 
p and half are not. 


As usual, it is a good idea to look at a specific example. You may want 
to do the following exercise with several primes. 


7.4 Exercise. Determine which of the numbers 1, 2, 3,..., 12 are per- 
fect squares modulo 13. For each such perfect square, list the number or 
numbers in the set whose square is that number. 


The following question asks you to rephrase your insight about perfect 
squares modulo a prime p in terms of their representation as the power of 
a primitive root. 


7.5 Question. Can you characterize perfect squares modulo a prime p in 
terms of their representation as a power of a primitive root? 


Perfect squares modulo a prime p attracted so much interest from number 
theorists that such squares are given their own alternative name, quadratic 
residue. Here is the definition. 


Definition. If a is an integer and p is a prime and a = b? (mod p) for 
some integer b, then a is called a quadratic residue modulo p. If a is 
not congruent to any square modulo p, then a is a quadratic non-residue 
modulo p. 
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We can rephrase our previous theorem in terms of quadratic residues. 


7.6 Theorem. Let p be a prime. Then half the numbers not congruent to 0 
modulo p in any complete residue system modulo p are quadratic residues 
modulo p and half are quadratic non-residues modulo p. 


From elementary school days, we have known that the product of a pos- 
itive number and a positive number is positive, a positive times a negative 
is negative, and the product of two negative numbers is positive. Quadratic 
residues and non-residues are related similarly. 


7.7 Theorem. Suppose p is an odd prime and p does not divide either of 
the two integers a or b. Then 


1. If a and b are both quadratic residues modulo p, then ab is a 
quadratic residue modulo p; 


2. If a is a quadratic residue modulo p and b is a quadratic non-residue 
modulo p, then ab is a quadratic non-residue modulo p; 


3. If a and b are both quadratic non-residues modulo p, then ab is a 


quadratic residue modulo p. 


One of the mathematicians who studied quadratic residues modulo p 
was the French mathematician Legendre. He invented a symbol called the 
Legendre symbol that gives a value of 1 to quadratic residues and —1 to 
quadratic non-residues. The symbol is convenient because it lets us express 
theorems like the previous one in a compact way. Here is the definition. 


Definition. For an odd prime p and a natural number a with p not dividing 
a, the Legendre symbol (¢) is defined by 
(<) _ Ji ifa is a quadratic residue modulo p, 

—1 if is a quadratic non-residue modulo p. 


Now we can express the preceding theorem using the Legendre symbol. 


7.8 Theorem. Suppose p is an odd prime and p does not divide either a 


—_— GG) 


Our goal is to be able to take an integer a and determine whether it is a 
quadratic residue modulo a prime p or a quadratic non-residue. Euler gave 
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one method for determining whether a number is a quadratic residue. The 
method depends on raising the number to the (p — 1)/2 power. 


7.9 Theorem (Euler’s Criterion). Suppose p is an odd prime and p does 
not divide the natural number a. Then a is a quadratic residue modulo 
p if and only if a®—-)/2 = 1 (mod p),; and a is a quadratic non-residue 
modulo p if and only if a®-)/2 = —1 (mod p). This criterion can be 
abbreviated using the Legendre symbol: 


gQP-V/2 = (<) (mod p). 
P 


The number | is always a quadratic residue. Other numbers modulo p 
sometimes are and sometimes are not quadratic residues, depending on p, 
but we can give a good description for when a number congruent to —1 
modulo a prime p is a quadratic residue. 


7.10 Theorem. Let p be an odd prime. Then —1 is a quadratic residue 
modulo p if and only if p is of the form 4k + 1 for some integer k. Or, 
equivalently, 


(+)- 1 ifp=1 (mod 4), 
~ 1-1 ifp=3 (mod 4). 


The following theorem identifies the square roots of —1 modulo p when 
p is congruent to 1 modulo 4. 


7.11 Theorem. Let k be a natural number and p = 4k + 1 be a prime 
congruent to 1 modulo 4. Then 


(£(2k)!)? =-1 (mod p). 


We end this section with one final application of Theorem 7.10. In Chap- 
ter 2 you proved there are infinitely many primes. Except for the prime 2, all 
primes are congruent to either 1 or 3 modulo 4. You proved that infinitely 
many primes are congruent to 3 modulo 4, but probably did not show that 
infinitely many primes are congruent to 1 modulo 4. 


7.12 Theorem (Infinitude of 44 + 1 Primes Theorem). There are infinitely 
many primes congruent to 1 modulo 4. 

(Hint: If p1, p2,.-., Pr are primes each congruent to 1 modulo 4, what 
can you say about each prime factor of the number N = (2p, po-++ pr)? + 
1?) 
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Gauss’ Lemma and quadratic reciprocity 


Euler’s criterion worked well for analyzing whether or not —1 is a quadratic 
residue or quadratic non-residue. But the computation of a?~!)/? modulo 
p for a general value of a is a non-trivial task. Gauss gave us a useful 
lemma which will allow us to proceed a little further with our strategy of 
analyzing particular numbers. 

It will be useful to have in mind a proof strategy that we found useful 
for proving Fermat’s Little Theorem and Euler’s Theorem. One proof of 
Fermat’s Little Theorem involved multiplying la-2a-3a-----(p—1)a and 
gathering the a’s to get the factor a‘?~!). Euler’s Criterion tells us that an 
integer a relatively prime to p is a quadratic residue modulo p if and only 
if a‘’?-))/2 is congruent to 1 modulo p. So let’s think about producing a 
product that will have a?—-)/? in it. 

Consider the numbers a, 2a, 3a, ..., Poa modulo p. These numbers 
are distinct modulo p (do you recall why?) and each is congruent to a 
member of the complete residue system 


p-l p-l 
Se OF eh 
2 2 


The product of these numbers, regardless of which complete residue system 
they come from, are congruent modulo p. 

For example, consider the case of a = 3 and p = 11, so wv = 5. We 
obtain the congruence 


3 - 2(3) -3(3) -4(3) -5(3) = 3-—5-—2-1-4 (mod 11), 


or 
3°-5!=5! (mod 11). 


Since 5! is not divisible by 11 we may cancel it from both sides to obtain 
3° = 1 (mod 11) which, by Euler’s Criterion, tells us that 3 is a quadratic 
residue modulo 11. The following lemma asserts that it was not just a 
coincidence that we obtained 5! on both sides of the congruence. 


7.13 Lemma. Let p be a prime, a an integer not divisible by p, and ry, ro, 

.., T(p-1) the representatives of a, 2d, ..., Poa in the complete residue 
Pea 

system 
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-1 
Pie SOs r=» = (-1)® (=): 


where g is the number of r;’s which are negative. 
(Hint: It suffices to show that we never have r; = —r; (mod p) for some 
i and j.) 


7.14 Theorem (Gauss’ Lemma). Let p be a prime and a an integer not 
divisible by p. Let g be the number of negative representatives of a, 2a, 


P=) q in the complete residue system \-251, ...,-1,0,1,..., pot 


= 
g)-o 
P 


Then 

We now apply Gauss’ Lemma to characterize those primes p for which 
2 is a quadratic residue. Consider the following data. Notice that for some 
primes p, 2 is a quadratic residue modulo p, and for others it is not. Make 
a conjecture that characterizes the primes in each category. The question 
after the data gives you a hint, so you might enjoy trying to devise your 
characterization before looking at the next question. 

Here are the first primes for which 2 is a quadratic residue: 


7, 17, 23, 31, 41, 47, 71, 73, 79, 89, 97, 103, 113, 127. 
Here are the first primes for which 2 is a quadratic non-residue: 
3,5, 11, 13, 19,29, 37, 43, 53, 59, 61, 67, 83, 101, 107, 109. 


7.15 Question. Does the prime’s residue class modulo 4 determine whether 
or not 2 is a quadratic residue? Consider the primes’ residue class modulo 
8 and see whether the residue class seems to correlate with whether or not 
2 is a quadratic residue. Make a conjecture. 


7.16 Theorem. Let p be an odd prime, then 


(<)- 1 if p= 1or7 (mod 8), 
P -1 ifp=3or5 (mod 8). 
‘ . 3 4 
You might fear that we will proceed to analyze (2) , then ( +), then 


(8), and so on for ever; however, fortunately, there is a shortcut. The 
shortcut occurs by making an observation about pairs of primes. If you have 
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two odd primes p and q, then whether p is a quadratic residue modulo g 
and whether g is a quadratic residue modulo p are related. As we have 
seen in the cases of —1 and 2, questions of being a perfect square modulo 
p are related to what p is modulo 4 or 8, so it is natural to consider the 
residues of p and g modulo 4 while investigating the relationship between 


() and (5), 


7.17 Exercise. Table 1 shows (2 ) for the first several odd primes. For 


example, the table indicates that (2) = |, but that (3) = —1. Make 


another table that shows when (2) = (4) and when (2) # (2). 


3 1 1 1 1] 1 1 

PS ft} [=a] [=tf—a} a [af a fot [=a] t [-1 [1 
|? ff—af—at [a |-af—af—a} a] a [-a} a [=a] a | -a] 
puff | fap [=t[—1}—1] a [=i] 1 | a | - 

13] [-uf—if—i] [a |-a] a |i 
ji7ff—1}—1{—a[—a] a] | a |-a]— 


23] 1 |-1{—1[—1] 1 [-1]-a] | 
2oqf—1] a | a [=a] 1 [1] -1] 1 | 

[3a ff—1] [a [-a}—a[—a] a |-i[—i] | - 
37] a ft] a [a [-1[-1]-1]—i[-i[-i] | 1 

jaa] a | a [—a[—a]—a{—af—a} a [-afia | at | ot |-a] 
431} —t]—af aft [it ft] a [=f it [aft] 
jar] a [=a a [af af a [=a] —af-af-a] a [-aj-a] | 


Table 1. Values of (4) for p across the top and g down the side. 


| 1 | 
ft | =1| 
2 
lofi} a fafa [=i] | a [-1|-1]- 
| =i 
| | 


BREE 
|=1|-1] 1 |-1 

1}—1] 1 | 
peter) aly 
f=1[ 1 |=1] 1 
Pat] Stet 
BE 
MRE 


7.18 Exercise. Make a conjecture about the relationship between (2) and 
(4) depending on p and q. 


Your conjecture is called “quadratic reciprocity.” 
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7.19 Theorem (Quadratic Reciprocity Theorem—Reciprocity Part). Let p 
and q be odd primes, then 


(2) - (4) ifp =1 (mod 4) org=1 (mod 4), 
-(4) if p =q=3 (mod 4). 


(Hint: Try to use the techniques used in the case of (2) 


Putting together all our insights, we can write one theorem that we call 
the Law of Quadratic Reciprocity. 


Theorem (Law of Quadratic Reciprocity). Let p and q be odd primes, then 


1 (=)- 1 ifp=1 (mod 4), 
~ )-1 if p =3 (mod 4), 


3 (<)- 1 if p = | (mod 8) or p =7 (mod 8), 
“\p)” )-1. if p =3 (mod 8) or p = 5 (mod 8), 


3 (4)- (4) if p = 1 (mod 4) or g = 1 (mod 4), 
-(£) ifp=q =3 (mod 4). 


Recall that we proved that if p is an odd prime and p does not divide 
a or b, then (#) = (¢) (4). That fact along with the Law of Quadratic 
Reciprocity lets us develop an effective technique for determining for any 


integer a whether or not it is a quadratic residue modulo the prime p. 


7.20 Exercise (Computational Technique). Given a prime p, show how 
you can determine whether a number a is a quadratic residue modulo p. 
Equivalently, show how to find (4). To illustrate your method, compute 
(2258) and some other examples. 

7.21 Exercise. Find all the quadratic residues modulo 23. 


The Law of Quadratic Reciprocity allows us to determine whether or 
not an integer is a perfect square modulo a prime p; however, it does not 
help us to actually find the square roots. Sometimes we can obtain general 
expressions for certain square roots, as we did in Theorem 7.11. But there 
is no known algorithm for doing that in general. 
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Sophie Germain is germane, Part Il 


Recall from Chapter 6 that a Sophie Germain prime is a prime qg for which 
P = 2q + 1 is also prime. For example, 23 is a Sophie Germain prime 
since 47 = 2-23 + 1 is also prime. 

We know that for any prime p, the order of any integer a relatively prime 
to p must divide p — 1. If p is a prime, p = 2q + 1, and q is also prime, 
then p — 1 = 2q, so the elements modulo p have orders either 1, 2, g, or 
2q (since these are all the possible divisors of p — 1). We know that | and 
p— | are, respectively, the only elements of order 1 and 2. So we conclude 
that every natural number a with 1 <a < p—1, must have order either g 
or 2q, where those with order 2g are the primitive roots modulo p. Euler’s 
Criterion can help us characterize the elements of order q. 


7.22 Theorem. Let p be a prime of the form p = 2q + 1 where q is a 
prime. Then every natural number a, 0 <a < p—1, is either a quadratic 
residue or a primitive root modulo p. 


Let’s illustrate the above theorem by looking at the example furnished 
by the primes g = 11 and p = 23. According to the above theorem, each 
of the numbers 2, 3, ..., 21 is either a quadratic residue of order 11 (= q) 
modulo 23 or a primitive root modulo 23. In Exercise 7.21 you computed 
the quadratic residues modulo 23, yielding the numbers 


2,3,4, 6,8, 9, 12,13,16,18 (mod 23) 


(the number | is a quadratic residue as well, but is not one of order q). It 
follows that the primitive roots modulo 23 must be given by 


5,7, 10, 11, 14, 15,17, 19, 20,21 (mod 23). 


And in fact, putting together the list of primitive roots (in bold) and the list 
of quadratic residues greater than | (underlined), we have 


2, 3, 4,5, 6, 7, 8, 9,10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 (mod 23), 


which is a complete list of all numbers from 2 to 21 modulo 23. 

A second and more subtle observation we might make about the above 
list of numbers modulo 23 has to do with symmetry. If you imagine a 
vertical line dividing the list between the numbers 11 and 12, a certain sort 
of mirror symmetry appears. In fact, it might be better described as “anti- 
symmetry”, as the mirror image of a primitive root is a quadratic residue, 
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and vice versa. This symmetry is a consequence of a more general property 
shared by primes arising from odd Sophie Germain primes. 


7.23 Theorem. Let p be a prime congruent to 3 modulo 4. Let a be a 
natural number with 1 <a < p—1. Then a is a quadratic residue modulo 
P if and only if p —a is a quadratic non-residue modulo p. 


7.24 Theorem. Let p be a prime of the form p = 2q + 1 where q is an 
odd prime. Then p = 3 (mod 4). 


The next theorem describes the symmetry between primitive roots and 
quadratic residues for primes arising from odd Sophie Germain primes. 


7.25 Theorem. Let p be a prime of the form p = 2q+1 where q is an odd 
prime. Let a be a natural number, 1 <a < p—1. Then a is a quadratic 
residue if and only of p —a is a primitive root modulo p. 


An attractive property of primes that arise from Sophie Germain primes 
is that they have primitive roots that we can actually compute. We saw the 
statement of this fact in Miller’s Theorem in Chapter 6. Here we ask you 
to prove some theorems that will allow you to prove Miller’s Theorem. We 
first note that perfect squares cannot be primitive roots modulo p for any 
prime p. 


7.26 Theorem. Let p be a prime and a be an integer. Then a? is not a 
primitive root modulo p. 


Next we see that natural numbers less than half a prime p cannot yield 
equivalent squares modulo p. 


7.27 Theorem. Let p be a prime and let i and j be natural numbers with 
i # j satisfying 1 <i, j < 4. Then i* # j” (mod p). 


Now we start to deal with primes p that arise from Sophie Germain 
primes. Here we list all the integers modulo p that are not primitive roots 
modulo p. 


7.28 Theorem. Let p be a prime of the form p = 2q +1 where q is an 
odd prime. Then the complete set of numbers that are not primitive roots 
modulo p are 1,—1,27,37,...,q?. 

Now we can prove Miller’s Theorem that characterizes the primitive roots 
of a prime that arises from a Sophie Germain prime. 
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7.29 Theorem. Let p be a prime of the form p = 2q +1 where q is 
an odd prime. Then the complete set of primitive roots modulo p are 
—2?, -37,...,-q?. 


7.30 Exercise. Verify that the primitive roots modulo 23 that we listed 
earlier in this section are in fact the same as those given by Miller’s 
Theorem. 


7.31 Exercise. List the primitive roots and quadratic residues modulo 47. 


We are able to analyze primes that arise from Sophie Germain primes 
successfully because we have such useful information about the prime fac- 
torization of p — 1. Of course, these special primes are rare. So many ques- 
tions remain about how to find and describe primitive roots and perfect 
squares modulo more general primes. 


7.32 Blank Paper Exercise. After not looking at the material in this chap- 
ter for a day or two, take a blank piece of paper and outline the development 
of that material in as much detail as you can without referring to the text 
or to notes. Places where you get stuck or can’t remember highlight areas 
that may call for further study. 


LL 
Pythagorean Triples, 
Sums of Squares, and 
Fermat’s Last Theorem 


Congruences to Equations 


The Law of Quadratic Reciprocity gives us a neat view of which numbers 
are squares modulo a prime p. Information about squares modulo p can help 
us to understand actual numbers and equations in addition to modular num- 
bers and congruences. In this chapter and the next we turn from quadratic 
congruences to quadratic (and higher order) Diophantine equations. We start 
with a quadratic equation we should all have some familiarity with from 
its connections to right triangles and the Pythagorean Theorem. Some of 
the questions will lead us to ask which numbers can be written as sums of 
squares, and the Law of Quadratic Reciprocity will help us find an answer. 
Finally, we turn to one of the most famous recent results of number theory, 
Fermat’s Last Theorem. 


Pythagorean triples 


The Pythagorean Theorem asserts that the sum of the squares on the legs 
of a right triangle equals the square on the hypotenuse. Said another way, 
the lengths of the sides of a right triangle always provide a solution to the 
equation 

x24 y2 = 2? 
by substituting the lengths of the legs for x and y and the length of the 
hypotenuse for z. In this section we consider the above quadratic as a 
Diophantine equation, that is, we consider only its integer solutions. 
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Definition. A triple of three positive integers (a, b, c) satisfying a? + b? = 
c? is called a Pythagorean triple. 


Due to the close relationship with right triangles, the values a and b ina 
Pythagorean triple will sometimes be referred to as the /egs, and the value 
c as the hypotenuse. 

There are no Pythagorean triples in which both legs are odd. 


8.1 Theorem. /f (a, b,c) is a Pythagorean triple, then at least one of a or 
b is even. 


The most famous Pythagorean triples are (3,4,5) and (5,12, 13), but 
there are infinitely many. Let’s begin by just finding a few. 


8.2 Exercise. Find at least seven different Pythagorean triples. Make a 
note of your methods. 


You may have discovered how to generate new Pythagorean triples from 
old ones through multiplication. Namely, if (a,b,c) is any Pythagorean 
triple and d is any natural number, then (da, db, dc) is also a Pythagorean 
triple. Pythagorean triples that are not simply multiples of smaller Pythagorean 
triples have a special designation. 


Definition. A Pythagorean triple (a,b,c) is said to be primitive if a, b, 
and c have no common factor. 


There are infinitely many primitive Pythagorean triples, so let’s start by 
finding a few. 


8.3 Exercise. Find at least five primitive Pythagorean triples. 


We saw earlier that no Pythagorean triple has both legs odd, but for 
primitive Pythagorean triples, the legs cannot both be even either. 


8.4 Theorem. Jn any primitive Pythagorean triple, one leg is odd, one leg 
is even, and the hypotenuse is odd. 


It turns out that there is a method for generating infinitely many Pythagorean 
Triples in an easy way. It comes from looking at some simple algebra from 
high school. Remember that 

(x+y)? =x? 4+2xy+ y? 


and 
(x — y)? =x? -—2xy + y?. 
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The difference between the two is 4xy. So we have a relationship that 
looks almost like a Pythagorean triple, namely, one square (x + y)? equals 
another square (x — y)” plus something that we wish were a square, namely 
4xy. How could we ensure that 4xy is a square? Simple, just choose x 
and y to be squares. This kind of analysis leads to the following theorem. 


8.5 Theorem. Let s and t be any two different natural numbers with s > t. 
Then 


(2st, (s? — 17), (s? + 27)) 
is a Pythagorean triple. 


The preceding theorem lets us easily generate infinitely many Pythagorean 
triples, but, in fact, every primitive Pythagorean triple can be generated by 
choosing appropriate natural numbers s and ¢ and making the Pythagorean 
triple as described in the preceding theorem. As a hint to the proof, we 
make a little observation. 


8.6 Lemma. Let (a,b,c) be a primitive Pythagorean triple where a is 
the even number. Then rh and a are perfect squares, say, s* and t?, 
respectively; and s and t are relatively prime. 


So now we can completely characterize all primitive Pythagorean triples. 


8.7 Theorem (Pythagorean Triple Theorem). Let (a,b,c) be a triple of 
natural numbers with a even, b odd, and c odd. Then (a, b, c) is a primitive 
Pythagorean triple if and only if there exist relatively prime positive integers 
s and t, one even and one odd, such that a = 2st, b = (s? — t*), and 
c = (s? +17). 


The formulas given in the Pythagorean Triple Theorem allow us to in- 
vestigate the types of numbers that can occur in Pythagorean triples. Let’s 
start our investigation by looking at examples. 


8.8 Exercise. Using the above formulas make a lengthy list of primitive 
Pythagorean triples. 


We’ll begin by looking at the legs and then think about the hypotenuse 
later. 


8.9 Exercise. Make a conjecture that describes those natural numbers that 
can appear as legs in a primitive Pythagorean triple. 
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You might have come up with the following theorem. 


8.10 Theorem. Jn every primitive Pythagorean triple, one leg is an odd 
integer greater than | and the other is a positive multiple of 4. 


This observation does not tell us which odd numbers are allowable or 
which multiples of 4 occur, but in fact every odd number and every multiple 
of 4 occurs as a leg in a Pythagorean triple. 


8.11 Theorem. Any odd number greater than | can occur as a leg ina 
primitive Pythagorean triple. 


8.12 Theorem. Any positive multiple of 4 can occur as a leg in a primitive 
Pythagorean triple. 


To analyze what numbers can occur as the hypotenuse of a primitive 
Pythagorean triple is a bit trickier. It amounts to investigating the general 
problem of representing numbers as sums of two squares. 


Sums of squares 


The question we seek to answer is, for which numbers 1 does the Diophan- 
tine equation 
2 Drs 
x“ +y" =n 


have a solution? As usual we will first investigate the case of primes. 


8.13 Question. Make a list of the first fifteen primes and write each as the 
sum of as few squares of natural numbers as possible. Which ones can be 
written as the sum of two squares? Make a conjecture about which primes 
can be written as the sum of two squares of natural numbers. 


Your conjecture likely singles out those primes that are congruent to | 
modulo 4. 


Theorem. Let p be a prime. Then p can be written as the sum of two 
squares of natural numbers if and only if p = 2 or p =1 (mod 4). 


There are really two theorems here and we will state them separately 
below. The first is a much simpler theorem to prove than the second. 


8.14 Theorem. Let p be a prime such that p = a* + b? for some natural 
numbers a and b. Then either p = 2 or p = 1 (mod 4). 
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The fact that every prime congruent to 1 modulo 4 is expressible as the 
sum of two squares is more challenging to prove. As you work to prove this 
result in the next few theorems it is worthwhile to recall another theorem 
you recently proved about primes that are congruent to 1 modulo 4. For 
primes congruent to 1 modulo 4, —1 is a quadratic residue; that is, for any 
prime p that is congruent to 1 modulo 4, there is some natural number a 
such that a? is congruent to —1 modulo p. To prove the second theorem, 
try applying the following lemma to a square root of —1 modulo p. 


8.15 Lemma. Let p be a prime and let a be a natural number not divisible 
by p. Then there exist integers x and y such that ax = y (mod p) with 


0 < |x|. 1yl < VP. 


8.16 Theorem. Let p be a prime such that p = 1 (mod 4). Then p is 
equal to the sum of two squares of natural numbers. 

(Hint: Try applying the previous lemma to a square root of —\ modulo 
Pp) 

Knowing which primes can be written as the sum of two squares is a 
great start, but that does not yet answer the question as to which numbers 


can occur as the hypotenuse of a primitive Pythagorean triple. We need a 
strategy for moving from primes to products of primes. 


8.17 Exercise. Check the following identity: 
(a? + b?)(c? +d?) = (ac + bd) + (be — ad)’. 


The preceding exercise tells us that the products of sums of two squares 
are themselves sums of two squares. 


8.18 Theorem. /f an integer x can be written as the sum of two squares of 
natural numbers and an integer y can be written as the sum of two squares 
of natural numbers, then xy can be written as the sum of two squares of 
natural numbers. 


Let’s try writing a few numbers as sums of squares of natural numbers. 


8.19 Exercise. For each of the following numbers, (i) determine the num- 
ber’s prime factorization and (ii) write the number as the sum of two 
squares of natural numbers. 


1. 205 
2. 6409 
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3.722, 
4. 11745 


8.20 Question. Which natural numbers can be written as the sum of two 
squares of natural numbers? State and prove the most general theorem 
possible about which natural numbers can be written as the sum of two 
squares of natural numbers, and prove it. 


We give the most general result next. 


8.21 Theorem. 4 natural number n can be written as a sum of two squares 
of natural numbers if and only if every prime congruent to 3 modulo 4 in 
the unique prime factorization of n occurs to an even power. 


Pythagorean triples revisited 


We are now in a position to describe the possible values for the hypotenuse 
in a primitive Pythagorean triple. 


8.22 Theorem. Jf (a,b,c) is a primitive Pythagorean triple, then c is a 
product of primes each of which is congruent to 1 modulo 4. 


8.23 Theorem. /f the natural number c is a product of primes each of 
which is congruent to 1 modulo 4, then there exist integers a and b such 
that (a, b,c) is a primitive Pythagorean triple. 


Having satisfactorily analyzed the question of which squares are the sum 
of two smaller squares, it is natural to ask the analogous question for higher 
powers, and Pierre de Fermat did ask that question in what became known 
as Fermat’s Last Theorem. 


Fermat’s Last Theorem 


There are infinitely many Pythagorean triples of natural numbers (a, b,c) 
such that a? +b? = c”. A natural question arises if we replace the exponent 
2 with larger numbers. In other words, can we find triples of natural numbers 
(a, b,c) such that a3+b? = c3 or a++b* = c*, or, in general, a”-+b” = c” 
for n > 3? In 1637, Fermat claimed to be able to prove that no triple of 
natural numbers (a, b, c) exists that satisfies the equation a” + b” = c” for 
any natural number n > 3. During his lifetime, Fermat probably realized 
his “proof” was inadequate, but the question tantalized mathematicians for 
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hundreds of years. Incremental progress was made. By 1992 it was known 
that the equations a” + b” = c” had no natural number solutions for 
3 < n < 4,000, 000 (as well as many other special cases). But there are 
infinitely many possible exponents larger than 4, 000, 000, so Fermat’s Last 
Theorem was far from being resolved. But all the remaining exponents were 
taken care of by the groundbreaking work of Andrew Wiles, which took 
place some 350 years after Fermat first considered the question. 


Theorem (Fermat’s Last Theorem, proved by Andrew Wiles in 1994). For 
natural numbers n > 3, there are no natural numbers x, y, Zz such that 
x” + y” — zn. 


We probably won’t find a proof of this theorem ourselves since it took 
many high-powered mathematicians 350 years to do so. Instead, let’s look 
at one case of this theorem which can be proved using a strategy known 
as Fermat’s method of descent. The method involves showing how a given 
solution in natural numbers can be used to produce a “smaller” natural num- 
ber solution. That new solution would imply the existence of a yet smaller 
solution, and so on. Since any decreasing sequence of natural numbers must 
be finite in length, the method of descent implies that there could not be a 
solution to begin with. Let’s see how this strategy can be used to prove the 
case of Fermat’s Last Theorem when the exponent is 4. 

In fact, notice that the following statement is a little stronger than what 
is called for in Fermat’s Last Theorem since the z is squared rather than 
raised to the fourth power. 


8.24 Theorem. There are no natural numbers x, y, and z such that x* + 
4 2 


5 eee Aa 

(Hint: Note that if there were a solution x = a, y = b, and z = c, then 
(a*, b?,c) would be a Pythagorean triple, which we could assume to be 
a primitive Pythagorean triple by removing common factors. Can you use 
the characterization of Pythagorean triples to find other natural numbers 
d, e, f such that d* +e* = f? where f is less than c? If you can do 


that, how can you complete your proof?) 


8.25 Blank Paper Exercise. After not looking at the material in this chap- 
ter for a day or two, take a blank piece of paper and outline the development 
of that material in as much detail as you can without referring to the text 
or to notes. Places where you get stuck or can’t remember highlight areas 
that may call for further study. 
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Who’s Represented? 


Representing numbers as the sum of two squares had immediate practical 
relevance to the description of Pythagorean triples. But it is also a problem 
that lends itself well to many different possible directions of generalization. 
For example, 


1. Which numbers can be represented as the sum of three squares; sum 
of four squares; etc.? 


2. Which numbers can be represented as the sum of two cubes; sum of 
two fourth powers; etc.? 


Mathematicians have given much attention to all of these questions. This 
is another one of the many instances of simple sounding questions leading 
to deep and important mathematics. 


Sums of squares 


Albert Girard (1595-1632) appeared to know as early as 1625 which num- 
bers could be written as the sum of two squares, although a proof due to 
Girard is lacking. Descartes proved in a 1638 letter to Mersenne that primes 
of the form 4n + 3 could not be represented as a sum of two squares. Fer- 
mat stated in a letter to Blaise Pascal (1623-1662) in 1654 that he had a 
proof of the fact that primes of the form 4n + 1 were always the sum of 
two squares. But a proof of Girard’s complete (and correct) observation 
would have to wait for Euler, who gave a complete proof in two letters to 
Goldbach dated 1747 and 1749. 

What about representing numbers as the sum of three squares? In a letter 
to Mersenne dated 1636, Fermat stated (again without proof!) that no integer 
of the form 87+7 could be expressed as the sum of three squares. Mersenne 
communicated the claim to Descartes who provided a proof in 1638. The 
complete characterization is given here. 


Theorem. 4 natural number can be expressed as the sum of three squares 
of natural numbers if and only if it is not of the form 4"(8k + 7) for 
non-negative integers n and k. 


The proof of this theorem is due in large part to Legendre, but a key step 
also requires Dirichlet’s work on primes in arithmetic progressions. 

What about sums of four squares? Fermat stated that he had a proof 
of the fact that every number is either a square or the sum of two, three, 
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or four squares, although, as we now expect when dealing with Fermat, no 
proof was communicated. Building on the work of Fermat and Euler, it was 
Lagrange in 1770 who finally provided the proof of the following theorem. 


Theorem (Four Squares Theorem). Every natural number is the sum of at 
most four squares of natural numbers. 


A key identity needed for Lagrange’s proof was due to Euler, who spent 
more than 40 years trying to establish the Four Squares Theorem. Euler 
established an amazing identity showing that the product of two numbers, 
each of which can be expressed as the sum of four squares, is also a sum 
of four squares, namely, 


(az + a3 +. a3 +.a2)(b? + b3 + b3 +b?) 
= (a,b, + agbz +.43b3 + agb4)* 
+ (a,b2 —azb, + a3b4 — a4b3)” 
+ (a,b3 — dazb4 —a3b, + abo)" 
+ (a,b4 + azb3 — a3b2 — aab)*. 


Sums of cubes, taxicabs, and Fermat’s Last Theorem 


Euler, in 1770, provided us with a proof of the first case of Fermat’s Last 
Theorem by establishing that no cube is the sum of two cubes. Of the 
numbers which can be expressed as the sum of two cubes, perhaps 1729 is 
the most famous. 

Suffering from tuberculosis and lying in a hospital bed in London, the 
young Indian mathematician Ramanujan (1887-1920) was paid a visit by 
his friend and mentor G. H. Hardy (1877-1947). Hardy remarked that he 
had arrived in a taxicab numbered 1729, which he considered a rather dull 
number. Ramanujan responded that 1729 is not dull at all. It is, in fact, 
the smallest number that can be expressed as the sum of two cubes in two 
essentially distinct ways, 


1729 = 174+ 123 = 93 + 10°. 


Said another way, there are (at least) four distinct integer points, namely 
(1, 12), (12, 1), (9, 10), and (10, 9), on the cubic plane curve 


x3 + y? = 1729, 


Taking statements about numbers and transforming them into statements 
about points on curves (or surfaces, etc.) is now a fairly common practice 
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in the field of arithmetical geometry. For example, in studying whether the 
number m is expressible as a sum of two cubes, the corresponding plane 
curve is given by 

x? + > =m. 


This is another example of what is known as an elliptic curve. While 
naturally arising when looking at the problem of expressing a number as the 
sum of two cubes, elliptic curves have also played a much more central role 
in the modern development of number theory. They are the central objects 
under study in Andrew Wiles’ proof of Fermat’s Last Theorem. 

In 1990 it was known that if (a,b,c) were a triple of natural numbers 
satisfying an equation of the form 


a? +b? =c?, 


where p is a prime greater than 2 (i.e., if the triple (a,b,c) provided a 
counterexample to Fermat’s Last Theorem), then the curve 


y? = x(x —a?)(x +b?) 


would be an elliptic curve with some very strange properties. The precise 
statement is that the curve would be semistable but not modular, although 
the exact meanings of these words is beyond the scope of this book. Such 
a curve was believed not to exist. More precisely, it was believed by many 
(and was the content of the Shimura-Taniyama Conjecture) that all elliptic 
curves were modular. This conjecture is now known to be true. The first 
major contribution to the proof of the Shimura-Taniyama Conjecture was 
due to Wiles with the help of his student Richard Taylor. Wiles and Taylor 
proved in 1994 that all semistable elliptic curves are modular, once and 
for all confirming the truth of Fermat’s Last Theorem. 


te 
Rationals Close to Irrationals 
and the Pell Equation 


Diophantine Approximation and Pell Equations 


Linear Diophantine equations were considered and solved in Chapter 1. 
In the previous chapter we asked which natural numbers could be written 
as the sum of two squares. That is, we sought solutions to the quadratic 
Diophantine equation x? + y? = n which in turn gave us a complete 
description of the natural numbers that could occur as the hypotenuse in 
a primitive Pythagorean triple. In this chapter we consider one additional 
family of quadratic Diophantine equations called Pell equations. A Pell 
equation is any equation of the form x* — Ny? = 1 where N is any 
natural number. These equations have surprising connections to at least 
two different issues. One is a famous Bovine Problem about herds of cows 
and bulls whose sizes are related in various ways. This story problem was 
framed by Archimedes (287—212 B.C.) in the third century B.C. and was not 
completely solved until 1965. The minimum number of cattle that would 
satisfy the conditions of Archimedes’ problem is vastly greater than the 
number of atoms in the universe, so you may not encounter all of them 
during the running of the bulls. 

On a less frivolous note, the so-called Pell equations are also connected 
with the subject of Diophantine approximation; namely, the study of rational 
number approximations to irrational quantities. Of course, every irrational 
number can be arbitrarily closely approximated by rational numbers by just 
truncating the decimal representation of the irrational number, but here we 
consider the question of finding rational approximations where the size of 
the denominator of the approximating fraction is small relative to how close 
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the approximation is. One challenge is to clarify the questions about rational 
approximations. Then we will find that the Pell equations, x? — Ny? = 1, 
help us analyze good rational approximations of certain irrational numbers. 

Unfortunately, the name of the Pell equations is a misnomer. Mathemati- 
cian John Pell (1611—1685) had little if anything to do with the study of the 
equations which now bear his name. In a published paper Euler mistakenly 
attributed what is believed to be the work of William Brouncker (1620- 
1684) to Pell, and the name has stuck. So there are at least two roads to 
mathematical immortality—prove something great or have a famous person 
think you proved it. 


A plunge into rational approximation 


Irrational numbers can sometimes pose a problem when it comes to practical 
computation. In practice, we always have to rely on rational approximations 
when irrationals are involved. We have all used close rational approxima- 
tions in order to simplify and expedite solutions to problems that involve 
irrational numbers. For example, 1.414 is a convenient approximation for 
J/2; and 3.14 or 2 are often used as approximations for z. In fact, wise 
political minds have not overlooked the advantages of rational approxima- 
tions to 2. At times politicians have considered cutting the Gordian Knot 
by legislating z to equal a convenient rational value. In 1897, the Indiana 
Legislature considered and nearly accomplished the passage of such legis- 
lation; however, after being recommended for passage by the Committee on 
Education and passed by the House, a mathematician gave some advice that 
derailed this progressive legislation and the bill floundered in the Senate. 
Too bad. 

Let’s begin our investigation into rational approximations of irrational 
numbers by observing that it is an easy matter to approximate irrational 
numbers by fractions ¢ that lie within + of the irrational. Recall that the 
quantity |x — y| measures the distance between the numbers x and y. 


9.1 Theorem. Let a be an irrational number and let b be a natural number. 
Then there exists an integer a such that 


le-f1<5 


So a harder challenge of rational approximation is to find fractions ¢ 
that lie within a smaller distance of the target irrational, for example, within 
ree One technique for finding such approximations involves noticing that 
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in any large collection of real numbers, some pair of them must have a 
difference that is close to being an integer in value. We begin by considering 
multiples of /2 and asking you to find a way to produce a good rational 
approximation to /2. 


9.2 Exercise. Among the first eleven multiples of V2, 
0V2, V2,2V2,3V2,...,10V2, 


find the two whose difference is closest to a positive integer. Feel free to use 
a calculator. Use those two multiples to find a good rational approximation 
for /2. By good, we mean that you find integers a and b such that 


+ — v3 < 5. 


The technique of using a list of integer multiples to obtain good approxi- 
mations to an irrational number is a valuable strategy to understand well. So 
after doing the previous exercise, think carefully about your method to see 
how generally the method can be applied and how each step was involved 
in the solution. To understand the method, do it once again for /7. 


9.3 Exercise. Repeat the previous exercise for 7 using the first 13 mul- 


tiples of V7. 


Before we move along any further, was it important in the previous two 
exercises that the irrational being approximated was a square root? 


9.4 Exercise. Repeat the previous exercise for m, using the first 15 multi- 
ples of 1. 


Now take some time to think through what you have done and why it 
works. By considering the following questions you are exploring how the 
preceding specific examples can be extended to apply to more general cases. 


9.5 Question. Let a be an irrational number. 


1. Imagine making a list of the first 11 multiples of a. Can you predict 
how close to an integer the nearest difference between two of those 
numbers must be? 


2. Now imagine making a list of 11 multiples of a, but not the first 11. 
Can you still predict how close to an integer the nearest difference 
between two of those numbers must be? 
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3. Now imagine making a list of 50 multiples of a, rather than just 11. 
Can you predict how close to an integer the nearest difference between 
two of those numbers must be? 


4. What is the general relationship between how many multiples of « 
we consider and how well we can rationally approximate a using our 
multiples? 


The next three theorems formalize what you may have discovered in the 
preceding group of questions. 


9.6 Theorem. Let K be a positive integer. Then, among any K real num- 
bers, there is a pair of them whose difference is within 1/K of being an 
integer. 


When we take our collection of real numbers to be multiples of an ir- 
rational number, then we can find good rational approximations for the 
irrational number. Remember how multiples of an irrational could lead to 
rational approximations of the irrational by finding multiples whose differ- 
ence is close to an integer. 


9.7 Theorem. Let a be a positive irrational number and K be a positive 
integer. Then there exist positive integers a, b, and c withO<a<b< K 
and 0 <c < Ka such that 


pao 
—a (b—a) 


Theorem 9.6 told us that increasingly large collections of real numbers 
contain pairs whose differences get increasingly close to being an integer. 
Now you will need to understand your proof of the above theorem suf- 
ficiently well so that you can figure out how to make (b — a) arbitrarily 
large. You might consider the fact that for an irrational number aq, any fixed, 
finite collection of multiples of a will have every difference of every pair 
of those multiples differing from being an integer by at least some specific 
non-zero amount. So taking a yet bigger collection of multiples will give 
you a pair whose difference is even closer to being an integer. That obser- 
vation might help to generalize your technique to prove Dirichlet’s Rational 
Approximation Theorem. 


9.8 Theorem (Dirichlet’s Rational Approximation Theorem, Version I). Let 
a be any real number. Then there exist infinitely many rational numbers ¢ 
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satisfying 


It is often useful to put the same result in different forms, because the 
different forms might help us to see a connection with some other work. 
In this case, the following alternative form of Dirichlet’s Rational Approxi- 
mation Theorem takes the first step toward making the connection between 
rational approximation and Pell’s equation. 


Theorem (Dirichlet’s Rational Approximation Theorem, Version II). Let 
a be any real number. Then there exist infinitely many integers a and b 


satisfying 


1 
a—ba|<-. 
la — bal = 5 
Before going further, let’s confirm that these two versions of Dirichlet’s 
Rational Approximation Theorem actually are equivalent. 


9.9 Theorem. Show that Versions I and II of Dirichlet’s Rational Approx- 
imation Theorem can be deduced from one another. 


If we consider the special case where a is the square root of a natural 
number, we get a form of Dirichlet’s Rational Approximation Theorem that 
looks even more like Pell’s Equation. 


Theorem (Dirichlet’s Rational Approximation Theorem, Version III). Let 
N be a positive integer that is not a square. Then there exist infinitely 
many positive integers a and b satisfying 


la—bVN] < : 


>| 


The connection between Pell equations and rational approximations to 
irrational numbers that are square roots of natural numbers is not hard to 
make. 


9.10 Exercise. Show that if N is a natural number which is not a square 
and x = a and y = b is a positive integer solution to the Pell equation 
x? — Ny? = 1, then % gives a good rational approximation to VN. 

The next theorem clarifies that by a “good” rational approximation we 
mean the same thing that occurs in Dirichlet’s Theorem Version I. 
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9.11 Theorem. Let N be a positive integer that is not a square. If x =a 
and y = b is a solution in positive integers to x? — Ny” = 1, then 


+ — VN <5. 


So we see that solutions in positive integers to the Pell equation x? — 
Ny? = 1 give rise to good approximations to the irrational number JN. 
So our challenge now is to analyze the Pell equation and see whether we 
can find solutions. We’ll start by disposing of trivial cases so that we can 
focus on the ones that count. 


Out with the trivial 


In Chapter 1 we considered the family of linear Diophantine equations 
ax+by=c. 


Certain values of the parameters a, b, and c lead to Diophantine equations 
with no hope of having solutions. For example, the equation 6x + 3y = 17 
will not have any integer solutions because the left-hand side will always 
be divisible by 3, and the right-hand side will never be divisible by 3. 

When working with a parameterized family of equations, it is worthwhile 
making an effort to recognize whether certain values of the parameters will 
lead to obvious conclusions or whether there are some trivial solutions that 
are not of interest. Let’s try this with the Pell equations x7 — Ny” = 1, 
which have the single parameter, the natural number JN. 


9.12 Question. For every natural number N, there are some trivial values 
of x and y that satisfy the Pell equation x? — Ny? = 1. What are those 
trivial solutions? 


Let’s pin that down by making the following definitions of trivial and 
non-trivial solutions. 


Definition. Let N be a natural number. The trivial solutions to the Dio- 
phantine equation x? — Ny? = 1arex=1, y =Oandx=—l, y=0. 
All other integer solutions are non-trivial. 


9.13 Question. For what values of the natural number N can you easily 
show that there are no non-trivial solutions to the Pell equation x*—Ny” = 
1? 
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We record your observation in the following theorem. 


9.14 Theorem. /f the natural number N is a perfect square, then the Pell 
equation 
x?—Ny?=1 


has no non-trivial integer solutions. 


After all this talk about trivial solutions, let’s at least confirm that in 
some cases non-trivial solutions do exist. 


9.15 Exercise. Find, by trial and error, at least two non-trivial solutions 
to each of the Pell equations x? —2y” = 1 and x? — 3y? = 1. 


Bolstered by the existence of solutions for N = 2 and N = 3, our focus 
from this point forward will be on finding non-trivial solutions to the Pell 
equations x” — Ny? = 1 where N is a natural number that is not a perfect 
square. 


New solutions from old 


For a positive integer N that is not a perfect square, the non-trivial solutions 
to x? — Ny? = 1 come to us in natural groups of four since the square of 
a negative number is positive. 


9.16 Question. Zo know ail the integer solutions to a Pell equation, why 
does it suffice to know just the positive integer solutions? 


One solution to a Pell equation gives rise to related ones by taking nega- 
tives, but there are other ways to take some solutions and combine them to 
create other solutions. Since 1 times 1 equals 1, multiplication of solutions 
also gives a new solution. Here is what we mean. 


9.17 Theorem. Suppose N is a natural number and the Pell equation 
x?—Ny? = 1 has two solutions, namely, a*— Nb? = 1 and c*—Nd? = 1 
for some integers a, b, c, and d. Then x = ac + Nbd and y = ad + bc 
is also an integer solution to the Pell equation x* — Ny? = 1. That is, 


(ac + Nbd)* — N(ad + bc)* = 1. 


So we can generate new solutions to the Pell equation from old solutions. 
But the question remains: For which positive integers N (which are not 
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squares) does x* — Ny? = 1 have non-trivial solutions? To fully answer 
this question we return to the world of rational approximation. 


Securing the elusive solution 


We observed earlier that non-trivial solutions to the Pell equation x? — 
Ny? = 1 give rise to good approximations of N. Now we look at 
the connection between good rational approximations of N and Pell- 
like equations in the opposite way. That is, starting with a “good” rational 
approximation 7 of VN, let’s investigate x? — Ny”. Recall Version II of 
Dirichlet’s Rational Approximation Theorem. That version described the 
closeness of the rational approximation of the fraction 2 to /N by stating 
that jx — y/N| < a That concept of a good rational approximation is 
used as the hypothesis in the following theorem. 


9.18 Theorem. Let N be a natural number and suppose that x and y are 
positive integers satisfying |x —yJ/N| < a Then 


x+yVN <3y VN. 
A tiny bit of algebra gets us back to a Pell-like expression. 


9.19 Theorem. Let N be a natural number and suppose that x and y are 
positive integers satisfying |x — y/ N| < - Then 


|x? — Ny?| < 3VN. 


Notice that the preceding theorem tells us that any good rational approx- 
imation of VN gives rise to a Pell-like expression, |x? — Ny?|, which is an 
integer with a fixed bound. We want to find solutions to the Pell equation 
x? — Ny? = 1; however, let’s take what we can get at this point, namely, 
solutions to a Pell-like equation where the right side is some integer possibly 
different from 1. 


9.20 Theorem. There exists a non-zero integer K such that the equation 
x*—Ny*=K 
has infinitely many solutions in positive integers. 


Now we have infinitely many positive integer solutions to a Pell-like 
equation, 
x?— Ny? = K. 
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In the next few theorems we investigate how to use these to obtain a non- 
trivial solution to 
x? —Ny? =1. 


9.21 Lemma. Let n be a natural number and suppose that (xj, yj), i = 
1,2,3,... are infinitely many ordered pairs of integers. Then there exist 
distinct natural numbers j and k such that 


Xj =X_~ (modn) and y; =y~ (mod n). 


9.22 Lemma. Let N be a natural number and K be a non-zero integer and 
let (x;, yj) and (xx, yx) be two distinct integer solutions to x —Ny? = K 
satisfying 


Xj =xX~ (mod |K|) and y; = yx (mod |K)). 


Then ie 
XjXk — Vi x; =X ; 
epee hal? a and y= ee kYj 

are integers satisfying x” — Ny? = 1. 


What you have now proved is that the Pell equation x7 — Ny? = 1 has 
non-trivial solutions for every possible case, namely for any natural number 
N that is not a perfect square. 


9.23 Theorem. /f N is a positive integer that is not a square, then the Pell 
equation x* — Ny* = 1 has a non-trivial solution in positive integers. 


An excellent way to understand a proof is to follow the steps of the proof 
for some particular examples. That is what we ask you to do in the next 
exercise. 


9.24 Exercise. Follow the steps of the preceding theorems to find several 
solutions to the Pell equations x? — 5y? = 1 and x? — 6y? = 1 and then 
give some good rational approximations to \/5 and V6. 


The structure of the solutions to the Pell equations 


We have now proved that the Pell equations have solutions, but in fact those 
solutions have a satisfying kind of structure to them, which we will explore 
in this section. This structure arises from our inability to resist factoring 
when we have the chance. 
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The left sides of the Pell equations x? — Ny? = 1 look very much like the 
difference of two squares. It is difficult to see a difference of two squares 
without succumbing to the urge to factor. Giving in to that temptation pays 
off in this case. Of course, there is one unpleasant part of that factoring, 
namely, when N is not a perfect square, the factors involve an irrational 
number, VN. Never mind, let’s factor anyway. 


x? — Ny? =1, 
(x+ yVN) (x-yVN) =1. 


Definition. Let N be a natural number. We say that a real number a = 
r+s<VQN, with r and s integers, gives a solution to the Pell equation 
x? — Ny? = lif r? — Ns? =1. 


The next several theorems work out the algebraic structure of the real 
numbers that give integer solutions to a given Pell equation. 


9.25 Theorem. Let N be a natural number and rj, r2, 81, and sz be 
integers. If a = 1, +5,VN and B = r2 + 52VN both give solutions to 
the Pell equation x* — Ny? = 1, then so does af. 


9.26 Theorem. Let N be a natural number and r and s integers. If a = 
r+s/N gives a solution to x? — Ny? = 1, then so does 1/a. 


Note: Abstract algebra is a study of algebraic structures and relation- 
ships. When you study abstract algebra, one of the first structures you will 
encounter is a group. We won’t define the idea of a group here, but the 
previous two theorems tell us that the set of real numbers of the form 
r+sJ/N, with r and s integers, which give solutions to the Pell equation 
x? — Ny? = 1, form a group with respect to the operation of multiplication. 


9.27 Corollary. Let N be a natural number and r and 5s integers. If 
a =r-+sWN gives a solution to x? — Ny? = 1, then so does a for any 
integer k. 


9.28 Exercise. Let N be a natural number and r and s integers. Show 
that if r + sVN gives a solution to x? — Ny? = 1, then so do each of 


r—svN, —r+sVN, and —r—sVN. 


9.29 Theorem. Let N be a positive integer that is not a square. Let A be 
the set of all real numbers of the form r +sV/N, with r and s positive 
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integers, that give solutions to x* — Ny* = 1. Then 
1. there is a smallest element a in A, 


2. the real numbers a*, k = 1,2,... give all positive integer solutions 
to x? — Ny? =1. 


(Hint: For part (1), try showing that the numbers in question are ordered 
by r. Then use the Well-Ordering Axiom.) 


Let’s reflect on what we have shown so far. If the natural number NV 
is a perfect square, then the Pell equation x7 — Ny? = 1 has only trivial 
solutions. In all other cases, it suffices to focus on just the positive integer 
solutions. In these cases, Theorem 9.23 tells us that there is a non-trivial 
solution and Theorem 9.29 suggests that in a sense there is a “smallest” 
solution in positive integers, which generates all of the infinitely many 
other positive integer solutions. So our investigation of the Pell equations 
has revealed a satisfying mathematical structure. 


9.30 Blank Paper Exercise. After not looking at the material in this chap- 
ter for a day or two, take a blank piece of paper and outline the development 
of that material in as much detail as you can without referring to the text 
or to notes. Places where you get stuck or can’t remember highlight areas 
that may call for further study. 


Bovine Math 


Pell equations are not merely mathematical amusements. They also arise in 
ranching by the gods. The following is an English translation, due to Ivor 
Thomas, of the problema bovinum attributed to Archimedes. It is written 
in the form of a challenge, and considers the number of four different types 
of cattle belonging to the herd of the sun god Helios. 


If thou art diligent and wise, O stranger, compute the number of cattle 
of the Sun, who once upon a time grazed on the fields of the Thrinacian 
isle of Sicily, divided into four herds of different colours, one milk 
white, another a glossy black, a third yellow and the last dappled. In 
each herd were bulls, mighty in number according to these proportions: 
Understand, stranger, that the white bulls were equal to a half and a 
third of the black together with the whole of the yellow, while the black 
were equal to the fourth part of the dappled and a fifth, together with, 
once more, the whole of the yellow. Observe further that the remaining 
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bulls, the dappled, were equal to a sixth part of the white and a seventh, 
together with all of the yellow. These were the proportions of the cows: 
The white were precisely equal to the third part and a fourth of the 
whole herd of the black; while the black were equal to the fourth part 
once more of the dappled and with it a fifth part, when all, including 
the bulls, went to pasture together. Now the dappled in four parts were 
equal in number to a fifth part and a sixth of the yellow herd. Finally 
the yellow were in number equal to a sixth part and a seventh of the 
white herd. If thou canst accurately tell, O stranger, the number of 
cattle of the Sun, giving separately the number of well-fed bulls and 
again the number of females according to each colour, thou wouldst 
not be called unskilled or ignorant of numbers, but not yet shalt thou 
be numbered among the wise. 


But come, understand also all these conditions regarding the cattle of 
the Sun. When the white bulls mingled their number with the black, 
they stood firm, equal in depth and breadth, and the plains of Thrinacia, 
stretching far in all ways, were filled with their multitude. Again, when 
the yellow and the dappled bulls were gathered into one herd they stood 
in such a manner that their number, beginning from one, grew slowly 
greater till it completed a triangular figure, there being no bulls of other 
colours in their midst nor none of them lacking. If thou art able, O 
stranger, to find out all these things and gather them together in your 
mind, giving all the relations, thou shalt depart crowned with glory 
and knowing that thou hast been adjudged perfect in this species of 
wisdom. 


How can we hope to be crowned with glory? Obviously, we must get 
our cows and bulls in a row, steer clear of mooving mooers, and solve this 
bully conundrum. 

The first paragraph translates mathematically into a system of seven linear 
equations in 8 unknowns (the four types of bulls: W, B, Y, D, and the 
four types of cows: w, b, y, d). There is a 1-parameter family of solutions 
given by 


W = 10366482k w = 7206360k 
B = 7460514k b = 4893246k 
Y = 4149387k y = 5439213k 


D = 7358060k d = 3515820k 
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The second paragraph imposes two additional conditions: the sum of the 
white bulls and the black bulls should be a square, and the sum of the 
yellow bulls and the dappled bulls should be a triangular number, that is, 
a number of the form 1 + 2+---+m = m(m + 1)/2. These constraints 
tell us that 


W + B = 10366482k + 7460514k = 17826996k = n? (1) 


for some integer n, and 


1 
Y + D = 4149387k + 7358060k = 11507447k = mee) (2) 


for some integer m. The factorization 17826996 = 2” -3-11-29-4657 tells 
us that the value of & in equation (1) must be of the form 


k =3-11-29- 4657: y? = 4456749y? 


for some integer y. Combining this with the equation (2) gives 


1 
11507447 - 4456749y? = saat 


or 


51285802909803y? = 


m(m + 1) 
eae: @) 


Completing the square on the right-hand side of equation (3) we obtain 


mm+1) (m+1/2)?-1/4 1 5 
=o 1)* —1). 
2 2 gene =) 
So, by multiplying equation (3) by 8, and making the substitution x = 
2m + 1 we obtain 


8 - 51285802909803y? = x? — 1, 


or 
x* — 410286423278424y? = 1, 


a Pell equation! 

Our translation of the cattle problem into a Pell equation is unlikely to 
have been employed during Archimedes’ time. And even more unlikely is it 
that he, or any of his contemporaries, produced a solution, even though we 
now know that in fact there are infinitely many. The first known complete 
solution, aided by computers, was given in 1965 by H. C. Williams, R. 
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A. German, and C. R. Zarnke. The smallest sized herd satisfying all the 
conditions is so vast that to write down the number of cattle we would 
need to use 206545 digits! That’s a lot of bulls. To put that number in 
perspective, the number of atoms in the universe is estimated to be described 
with a number with a mere 80 digits. 

Archimedes was not the only mathematician to issue challenges. Fermat 
was known to challenge his contemporaries as well. In 1657 he sent letters 
asking William Brouncker and John Wallis (1616-1703) to find integer 
solutions to the equations x? — 15ly? = 1 and x? — 313y? = 1. Both 
stepped up to the challenge and gave integer solutions in reply. 

But it is in early Indian mathematics that we find the first systematic 
study of Pell equations. Brahmagupta was aware of how to generate new 
solutions from old in much the same manner as we explored in Theo- 
rem 9.17, and both Brahmagupta and Bhaskara (1114-1185) discovered 
methods for turning solutions of x? — Ny? = K (for small K) into solu- 
tions to x? — Ny* = 1. So Pell equations have spanned the ages, spanned 
the globe, and have even amused the sun god. 


Sts 
The Search for Primes 


Primality Testing 


Determining whether or not a large number is prime has practical impor- 
tance in cryptography as seen in Chapter 5. If a number is relatively small, 
we might try simple trial division up to its square root (see Theorem 2.3). If 
we find no divisor, we have a prime. But trial division quickly becomes an 
overwhelming burden. Trial division on a large number, say with 100’s of 
digits, would take today’s fastest computers longer than the entire history 
of the universe since the Big Bang 13.6 billion years ago. That is too long 
to wait. So trial division is not a fast algorithm for determining primality. 


Is it prime? 


In this section we look at the notion of a primality test. We also examine 
just exactly what mathematicians mean when describing an algorithm as 
“fast.” 

To be precise, by a primality test we mean a theorem of the form 


A natural number n is prime if and only if 


where the blank would be filled in by some testable condition on n. For 
example 


Theorem. 4 natural number n is prime if and only if for all primes p < 
/n, p does not divide n. 


Although this theorem provides a primality test, it does little to help 
our agent in the field set up a secure RSA public key code system. It is 
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completely impractical for identifying, say, 200 digit primes. In Chapter 4 
we find the following primality test. 


Theorem (Wilson’s Theorem and Converse). A natural number n is prime 
if and only if (n — 1)! = —1 (mod n). 


Unfortunately, there are no general shortcuts for computing (n — 1)! 
(mod n), and as n begins to grow, even our fastest computers become 
overwhelmed with the computation. 

Mathematicians measure the speed or complexity of a primality testing 
algorithm as a function of the number of digits in the number to be tested. 


10.1 Exercise. [fn is a d-digit number, explain why the trial division 
primality test requires roughly 104’ trials. 


10.2 Exercise. [fn is a d-digit number, explain why the Wilson’s Theorem 
primality test requires roughly 104 multiplications. 


These two algorithms are said to run in exponential time since the re- 
quired number of steps is an exponential function in the number of digits in 
the number to be tested. Exponential time algorithms are considered slow, 
and quickly become impractical for modern computers to carry out. A faster 
class of algorithms are those which run in polynomial time, that is, those 
for which the number of required steps is a polynomial function in the num- 
ber of digits. Just how much of a difference does polynomial time versus 
exponential time make? 


10.3 Question. Suppose that Algorithm A requires d* steps and Algorithm 
B requires 2% steps, where d is the number of digits in the number to be 
tested. Suppose our computer can carry out one million steps per second. 
How long would it take for our computer to carry out each algorithm when 
the number to be tested has 200 digits? 


Fermat’s Little Theorem and probable primes 


Both primality tests given in the preceding section are impractical for iden- 
tifying really large primes. On the other hand, computing powers modulo 
n is an operation we have seen to be fast even for large numbers. In fact, 
in Chapter 3 you discovered that the computation of a” (mod n) requires 
roughly log, r multiplications. 
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10.4 Exercise. Show that the algorithm described in Question 3.6 for com- 
puting a’ (mod n) is a polynomial time algorithm in the number of digits 
inr. 


In the next series of problems you will explore the use of this operation 
as a means of testing for primality by starting with a familiar theorem. 


Theorem (Fermat’s Little Theorem). Let p be a prime. Then for all natural 
numbers a less than p, a?~! =1 (mod p). 


Fermat’s Little Theorem can be useful for showing certain numbers are 
composite. 


10.5 Exercise. State the contrapositive of Fermat’s Little Theorem. 


10.6 Exercise. Use Fermat’s Little Theorem to show that n = 737 is 
composite. 


Unfortunately, the statement of Fermat’s Little Theorem lacks the logical 
connective “if and only if” that we desire for a primality test. This raises 
the question of whether the converse to Fermat’s Little Theorem is true. 


10.7 Question. State the converse to Fermat’s Little Theorem. Do you 
think the converse to Fermat's Little Theorem is true? 


10.8 Theorem. Let n be a natural number greater than |. Then n is prime 
if and only if a”~! = 1 (mod n) for all natural numbers a less than n. 


10.9 Question. Does the previous theorem give a polynomial or exponen- 
tial time primality test? 


Inventing polynomial time primality tests is quite a challenge. One way to 
salvage some good from Fermat’s Little Theorem is to weaken our demand 
of certainty. What if instead we look for a probable prime test, by which 
we mean a statement of the form 


If ___”. then 7 is very likely to be prime. 
where the blank would be filled in by some testable condition on n. 
10.10 Exercise. Compute 2”! (mod n) for all odd numbers n less than 
100. [f you have access to a computer, and some computing software, keep 


going. Test any conjectures you make along the way. State a probable prime 
test based on your observations. 
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The evidence you collected hopefully suggests the following probable 
prime test for natural numbers 1 bigger then 2. 


27-141 (modn), then n is composite, 


a (mod n), then n is very likely prime. 


We cannot remove the words “very likely” in this probable prime test 
because there are composite numbers n for which 2”~! = 1 (mod n). The 
first composite that fools our probable prime test is 341 = 11-31. Com- 
posite numbers n such that 2”~! = 1 (mod n) are sometimes called Poulet 
numbers. There are infinitely many, but they are so rare that for practi- 
cal purposes, most people feel completely comfortable using our probable 
prime test to identify large primes. 

For example, if 7 is a randomly chosen 13 digit odd number and 2”~! = 
(mod 7), then there is a 99.9999996% chance that n is prime, because there 
are 308457624821 13 digit primes and 132640 13 digit Poulet numbers. 
Would you feel safe with those odds? At a cost of guaranteed certainty, we 
now have a polynomial time probable prime test! 


AKS primality 


There are many polynomial time probable prime tests, but it was not known 
until the summer of 2002 whether or not a polynomial time primality test 
could exist. That summer an Indian scientist and two of his undergraduate 
students made public their discovery of a deterministic polynomial time 
primality test. Manindra Agrawal and his students Neeraj Kayal and Nitin 
Saxena would eventually win the Gédel prize in computer science for their 
work. 

The test, now know as the AKS primality test, is based on the following 
theorem. 


10.11 Theorem. Let a and n be relatively prime natural numbers. Then n 
is prime if and only if (x +a)" =x" +a (mod n) for every integer x. 


This theorem alone constitutes a primality test, but a slow one at that. The 
problem lies in the fact that there are n different coefficients to compute in 
(x +a)” (mod n). Part of what Agrawal, Kayal, and Saxena were able to 
figure out is how to reduce the degree of the polynomials that need to be 
checked. 

The polynomial time deterministic AKS primality test may be beyond 
the scope of this book, but please do not assume that it is beyond the scope 
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of your abilities. With a little bit of abstract algebra and the number theory 
you have learned so far you’ll be more than prepared to tackle the AKS 
primality test for yourself. 


10.12 Blank Paper Exercise. After not looking at the material in this 
chapter for a day or two, take a blank piece of paper and outline the 
development of that material in as much detail as you can without referring 
to the text or to notes. Places where you get stuck or can’t remember 
highlight areas that may call for further study. 


Record Primes 


A list of the largest known primes will show that they all share the following 
property: each prime is either 1 more or | less than an easily factored 
number. In September, 2006, the largest known prime was 


32582657 pe | ‘ 


which is a Mersenne prime with over 9.8 million digits. Clearly it is 1 less 
than a very easily factored number. In fact, the six largest known primes 
are Mersenne primes (again, as of September 2006), and the seventh largest 
is 

27653 - 27167433 +1, 


which is 1 more than an easily factored number (27653 is prime). This fact 
is not just coincidence. When 7 is a natural number of a certain special 
form, much more efficient primality tests are available for determining the 
nature of n. In this section we present some of these wonderful theorems 
that have helped people discover some of the largest known primes. 

The late nineteenth century witnessed tremendous progress in the math- 
ematics of primality testing. Edouard Lucas (1842-1891) was one of the 
thinkers who concerned themselves with such matters. The n-th Fermat 
number is given by F, = 22" + 1. Fermat had determined that F,, F», 
F3, and F4 are each prime and conjectured that every Fermat number was 
prime (although he didn’t call them Fermat numbers). In 1732 Euler proved 
that Fermat’s conjecture was false by showing that F5 = 4294967297 is 
divisible by 641. But the nature of Fé remained unresolved until Lucas 
developed a primality test for Fermat numbers that proved that F¢ is also 
composite. 

Father Theophile Pepin (1826-1905), a contemporary of Lucas, published 
another primality test for Fermat numbers in 1877 which still bears his name. 
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Theorem (Pepin’s Test). Let F, denote the n-th Fermat number. Then Fy 
is prime if and only if 


3Fn-1)/2 = |) (mod F,). 


In Pepin’s original theorem the condition appears as 5(¥"—)/2 = —1 
(mod F;,). It was another contemporary, Francois Proth (1852-1879), who 
pointed out that 3 would work as well as 5. Proth contributed primality tests 
of his own as well, which have been implemented today (see Yves Gallot’s 
Proth.exe) and are responsible for finding some of the currently largest 
known primes (at least those that are not Mersenne primes). Proth’s 1878 
test is as follows. 


Theorem (Proth’s Test). Let n and k be natural numbers, and let N = 
k-2" + 1 with 2” > k. If there is an integer a such that 


aN-V/2 =_1 (mod N), 
then N is prime. 


So what about the record-holding Mersenne primes? In 1930 D. H. 
Lehmer (1905-1991) completed a dissertation at Brown University titled 
An Extended Theory of Lucas’ Functions. In it, we find the following test, 
which is responsible for identifying today’s largest known primes. The form 
of this theorem is similar to that of Lucas’ earlier primality tests for Fermat 
numbers. 


Theorem (Lucas-Lehmer Test). Let M, = 2” —1 denote the n-th Mersenne 
number, and define the sequence {S;} by 


So=4, Siti = S? -2. 
Then My, is prime if and only if Sn-2 = 0 (mod M,,). 


Since there are infinitely many primes, the quest for ever larger primes 
is an endless pursuit. The current strategies for finding such primes involve 
having many computers, contributed by volunteers around the world, work 
in concert to find new, huge primes. Number theory has had unexpected 
applications to cryptography, as we saw in Chapter 5. Perhaps an unexpected 
consequence of the search for large primes will be the development of 
previously unimagined strategies for global cooperation. 


LL 
Mathematical Induction: 
The Domino Effect 


The Infinitude Of Facts 


Many mathematical theorems are really infinitely many little theorems all 
packaged into one statement. For example, we learn the following theorem 
in calculus: Every polynomial function is continuous. If you were lucky 
enough to also see a proof of this theorem, you would know that we did not 
separately consider every polynomial. If we did, you would still be sitting 
in that calculus class. One of the great strengths of mathematical reasoning 
and logic is the ability to prove an infinite number of facts in a finite amount 
of space and time. 


Gauss’ formula 


Carl Friedrich Gauss was a famous mathematician of the early 19th century. 
A story about his boyhood has made its way into mathematical folklore. As 
the story goes, an elementary school teacher of Gauss wanted to keep his 
students busy while he graded papers. To this end, he asked his students to 
add up the first one hundred numbers, thinking this task would keep them 
quiet for a long time. To the dismay of the teacher, Gauss quickly discovered 
a shortcut to replace the tedious addition problem and came up with the 
answer after only a few short moments. As a cultural aside, historians feel 
that this story is probably false, and some feel that it promotes the false 
myth that mathematics is a subject only for the rare genius rather than for 
everybody. Regardless of the historical or political status of the story, the 
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technique for adding the first n natural numbers is an excellent one to use 
to illustrate a form of reasoning known as mathematical induction. Let’s see 
how we would develop and prove Gauss’ formula for adding up numbers. 

To show that we are really proving a lot of separate facts, we start by 
listing a few of those facts, designating them as theorems. Of course, you can 
simply verify each of the following theorems by just doing the arithmetic. 
That’s fine for now. 


A.1 Theorem. 1 = OQ) 


A.2 Theorem. 1 + 2 = OY) 


A.3 Theorem. 1 + 2+3 = QO 
A4 Theorem. 1+2+3+4= @@)_ 
A.5 Theorem. 1+24+34+4+4+5= 8. 


Okay, this is getting a little tedious. Let’s see that it is not necessary to 
start each of this potentially infinite list of theorems from scratch. Once we 
have successfully proved one of these theorems, verifying the next one is 
much easier. 


A.6 Question. Can you use the fact that 1+2+3+4+4+4+5= GE) to 
verify that 
6)(7 
14243444546= 00 


without having to re-add 1+2+3+4+5? 


Hopefully, your strategy did not depend in any meaningful way on the 
specific numbers involved. To clarify this fact, let’s do another one. Notice 
that you are not asked to verify the sum up to 129—just accept that one as 
true. 


A.7 Question. Suppose it is true that 1 +.2+3+-++»+ 129 = G29)030). 


Can you use this fact to show that 
130)(131 
14+2+3+4+---+129+4 130= oe 


Try to do it without performing extensive addition. 


Just one more to drive the point home. 
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A.8 Question. Suppose it is true that 1+2+4+3+4+---+ 172391 = 
07239 1)072392) Can you use this fact to show that 


172392)(172393 
14+24+3+4---+ 172391 + 172392 = Cee 

In fact, what you are really doing is proving that if you know that the 
formula holds for any natural number, then it also holds for the next natural 
number. 


A.9 Exercise. Suppose some natural number k is chosen and you are told 
it is true that 1+2+3+---+k= O@ry Use this fact to show that 


(k + 1)(k + 2) 


142434--+k+k+D= - 


Once you have done the above exercise, you have all the ingredients to 
prove that the formula is true for any number. You have proved (1) that 
the formula is true for the first natural number and (2) that you can always 
take one more step, that is, you have proved that if the formula is true for 
any given natural number, then it is also true for the next natural number. 
Why do those two steps convince you that the formula must be true for all 
natural numbers? This reasoning provides a proof of the following theorem. 


A.10 Theorem. Let n be a natural number. Then 1+2+3+:+-:-+n= 
(n)(n+1) 
—— 


The strategy of (1) proving a base case and then (2) proving that the truth 
of the assertion of an arbitrary natural number implies its truth for the next 
natural number is a method of reasoning called proof by induction. 


Another formula 


Let’s go through the same process for another formula. Start by directly 
verifying the first few theorems. 


A.11 Theorem. 1 + 2 = 2? —1. 
A.12 Theorem. 1 + 2 +2? = 23-1. 
A.13 Theorem. 1 + 2 + 2? + 2? = 24-1. 


A.14 Theorem. 1 +2 +27 +23+4+24 =2>-1. 
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Can you use the truth of one step to prove the truth of the next one? 


A.15 Question. Can you use the fact that 1+2+4+27+4+234+24=2°-1 
to verify that 
142427423 4+24+2° =2°-1, 


without performing extensive arithmetic? 


In the next question, don’t independently verify the case up to 2*”—just 
assume that formula is true to do the next higher case. 


A.16 Question. Suppose it is true that 1 +2 +2? 4+-+--+237 = 238-1. 
Can you use this fact to show 


Te 2 ee FS = 1? 
Do it without performing any extensive arithmetic. 


Of course, your method did not depend on the particular number 37, 
so let’s write down the fact that you can now prove that you can always 
take one more step, that is, the truth of the formula for one natural number 
implies the truth of the formula for the next natural number. 


A.17 Question. Suppose it is true that 1+2+2?+-+-+2* = 2k+1 1. 
Can you use this fact to show 
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Again, you have proved (1) that the formula is true for the first natural 
number and (2) that you can always take one more step, that is, you have 
proved that if the formula is true for any given natural number, then it is 
also true for the next natural number. Why do those two steps convince 
you that the formula must be true for all natural numbers? This reasoning 
provides a proof of the following theorem. 


A.18 Theorem. For every natural number n, 1 +2+2%+---+2" = 
grt —1. 


On your own 
Prove the following theorems by induction. 
A.19 Theorem. For every natural number n, 


n(n + 1)2n + 1) 


P4+24--4n7= ; 


Appendix A. Mathematical Induction: The Domino Effect 133 


A.20 Theorem. For every natural number n > 3, 2” < nl. 


A.21 Theorem. For every natural number n, 


B4234---+nF7=(1+2+---+7). 


Strong induction 


In this section we are going to introduce a slightly different mode of rea- 
soning that is called strong induction. 

Consider the following game involving two players, whom we will call 
Player | and Player 2. Two piles each containing the same number of rocks 
sit between the players. At each turn a player may remove any number of 
rocks (other than zero) from one of the piles. The player to remove the last 
rock wins. Player | always goes first. 


A.22 Theorem. Jf each pile contains exactly one rock, Player 2 will win. 


A.23 Theorem. Jf each pile contains two rocks, Player 2 has a winning 
strategy. 


A.24 Theorem. Jf each pile contains three rocks, Player 2 has a winning 
strategy. 


A.25 Theorem. If each pile contains four rocks, Player 2 has a winning 
strategy. 


A.26 Question. Jn proving the theorem for piles with four rocks each, did 
you consider all possible scenarios, or did you make use of the previous 
three theorems? 


In the next question you are not being asked to analyze each of the first 
11 cases. Instead, you are asked to assume that those have been done and 
then use that information to show that Player 2 has a winning strategy when 
there are 12 rocks. 


A.27 Exercise. Suppose you know that Player 2 has a winning strategy 
for this game when the number of rocks in each pile is 1, 2, 3, ..., 10, or 
11. Show that Player 2 has a winning strategy when each pile contains 12 
rocks. 


Of course, the number 11 could have been any number. Let’s replace it 
with a variable. 
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A.28 Exercise. Let k be a natural number. Suppose you know that Player 
2 has a winning strategy for this game when the number of rocks in each 
pile is any one of the following natural numbers: 1, 2, 3, ..., k. Show that 
Player 2 has a winning strategy when each pile contains k + 1 rocks. 


You have proved (1) that Player 2 has a winning strategy for the first 
natural number and (2) that you can always take one more step, that is, you 
have proved that if Player 2 has a winning strategy for each natural number 
up to a certain point, then Player 2 has a winning strategy for the next 
natural number. Why do those two steps convince you that Player 2 has a 
winning strategy for any size of beginning piles? This reasoning provides 
a proof of the following theorem. 


A.29 Theorem. For any natural number n of rocks in each pile to begin, 
Player 2 has a winning strategy. 


The strategy of (1) proving a base case and then (2) proving that the 
truth of the assertion for all natural numbers up to a certain natural number 
implies its truth for the next natural number is a method of reasoning called 
proof by strong induction. 


On your own 


Prove the following theorems by strong induction. 


A.30 Theorem. Every natural number can be written as the sum of distinct 
powers of 2. 


A.31 Theorem. Every natural number greater than 7 can be written as a 
sum of 3’s and 5’s. 


Definition. A polynomial is said to be reducible if it can be written as a 
product of two polynomials each of smaller degree. Otherwise it is said to 
be irreducible. 


A.32 Theorem. Every polynomial can be written as a product of irre- 
ducible polynomials. 


A.33 Exercise. Describe in detail the strategies of induction and strong 
induction and explain why those modes of proof are valid. 
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